Company CEO Rajat Bhargava said as network perimeters continue to dissolve organizations need to embrace an alternative approach to security that is based on identity. With more employees working from home to help combat the spread of the COVID-19 pandemic, there is no longer a network perimeter around which to organize a cybersecurity defense.
Historically, IT organizations have relied on platforms such as Microsoft Active Directory (AD) to manage identities within the confines of a network perimeter. However, with more users accessing IT resources running on multiple platforms from anywhere using any number of types of devices, a more different approach to managing identity is required, he said.
The JumpCloud approach centralizes the management of identity to create a zero-trust IT environment without having to stitch together a patchwork of different tools for each platform an organization needs to support, said Bhargava. IT organizations also want to be able to access that directory via graphical tools as well as command-line interfaces (CLIs) and application programming interfaces (APIs) depending on their level of DevOps maturity, noted Bhargava.
JumpCloud, which makes a free edition of its platform available for individuals and small teams, is already being employed by more than 100,000 organizations spanning 100-plus countries. More than 3,000 of those organizations, including Cars.com, GoFundMe, Nimbus Therapeutics, Grab, Pulselive, SlimPay, Foursquare, Beyond Finance and Funding Societies, are paying to employ JumpCloud.
Most recently, JumpCloud added a tool that enables IT teams to remotely install software onto end user Windows devices software, as well as integrations with Slack, Salesforce, Atlassian, GitHub and Amazon Web Services (AWS).
The company has raised more than $165 million in funding and is planning to add more than 500 employees to its payroll in the years ahead, said Bhargava.
There is a significant amount of inertia to overcome when attempting to supplant Microsoft AD, a platform some organizations have been employing for decades. However, as organizations shift toward zero-trust computing models, many are concluding that a more granular approach to managing identity is required. There may be multiple ways to achieve that goal, but a platform based on a familiar directory construct should make it easier for IT teams to make that transition.
Regardless of the approach, a transition toward identity-based approaches to cybersecurity that was gaining traction prior to the pandemic is starting to accelerate. IT organizations are coming to terms with the fact that most employees will not be returning to the office full-time, even if a vaccine becomes available and widely distributed. Social distancing requirements are also limiting the number of individuals that organizations can have in the office at any time, while other organizations are concluding they no longer require physical offices to be productive. But if the credentials of employees working from home are compromised, a cybercriminal can bypass all the perimeter-based security tools an organization has deployed, said Bhargava.
The only way to effectively secure IT environments that are continuously being remotely accessed is by making certain who is allowed to access what resources when. That may require a significant amount of effort, but at this juncture, legacy approaches to cybersecurity are no longer sufficient.