Meeting strict enterprise security & compliance requirements
A lot of successful entertainment studios start in a garage with a few people and an idea. If that idea ever reaches fruition and is a success, they move onto the next project from there and over time are forced into having to mature quickly as an organization.
Our entertainment studio’s origin story follows a similar but slightly divergent path. They began with a contract for providing services as a bare-bones operation when they opened for business.
“We very quickly found out we were quite big without a lot of internal infrastructure,” says their CIO.
As the company continued to scale, their clients changed, and with them grew increasing requirements on the company’s IT environment to ensure that their sensitive intellectual property and other data was protected.
“We were working with major conglomerate companies, all of which have specific requirements around internal security,” says the CIO. “We needed a way to effectively secure things at the hardware level to meet these requirements.”
Choosing JumpCloud to secure their environment
As their team began looking to enhance the company’s security posture, they started looking for a solution that would enable them to remove local admin accounts from certain devices and manage all hardware from one central interface.
At the same time, the right solution would enable users to continue leveraging either Windows or Mac machines, which are both used heavily in their environment. Additionally, the team wanted a solution that worked well with Google Workspace, which they’ve been using since the company was incorporated.
“Google was well-entrenched in our business at that point and we didn’t have any interest in shifting away to 365 or anything else. We wanted to make sure that there was something that would integrate with Google Workspace.”
After researching the market, they ultimately found JumpCloud—the unified identity, device, and access management platform—which checked all the boxes.
JumpCloud seemed like the best option. We had clear, high-level compliance requirements with major clients. In order to hit those requirements, JumpCloud was the best solution we could find for our environment, and it enabled us to deliver year over year as those requirements got more complicated.
CIO
Unlocking more and more value from JumpCloud
With JumpCloud—which has become the company’s single source of truth that gets rolled out to Google and other services—the team has been able to secure its environment, ensuring only authorized users can access relevant resources from wherever they’re working.
Th[e] integration between Google and JumpCloud made it so easy for us to have single sign-on through Google.
CIO
“The last couple of years, about 50% of our staff have been remote; we’re pretty flexible with the way we let people work. When people are working from home, they VPN into our environment which authenticates with JumpCloud.”
By taking advantage of JumpCloud’s Google Workspace integration, they have been able to deliver a smooth user experience while ensuring only authorized users can access applications.
“That integration between Google and JumpCloud made it so easy for us to have single sign-on through Google; the native integration to Google SSO is everywhere, so it’s easy to let people use that,” the CIO continues. “But we have two individual identifiers that are synced in the middle, so you can be your Google account or be your JumpCloud account, and we authenticate with both in different ways and different situations, and it works out perfectly for the different use cases we have in our environment.”
To manage access to internal infrastructure like wireless networks, the company uses Cloud RADIUS and Cloud LDAP to deliver a seamless experience and enhance their security posture even more.
“Because the two accounts are so seamlessly synced, most people don’t even think about the fact that it’s not Google.”
Set up for scale
Their team is confident that they can scale with ease, all without compromising on security, with JumpCloud serving as the foundation of their IT environment.
“When we started using JumpCloud, we were small, and we had major concerns around security, control of devices, and visibility of our assets,” says the CIO. “I’d come from a corporate environment and it felt like we were very far away from being able to scale properly. As we integrated JumpCloud, a lot of that got easier. We quickly knew where everything was, and we could handle any scale. We significantly expanded our workforce, and never had any major system roadblocks along the way.”
Streamlining onboarding with Groups
When a new user comes on board, they’re initially loaded into the HR system, which then pushes the users to JumpCloud automatically.
“We don’t have to worry about something being misspelled or other issues like that,” says their Head of IT, who’s been managing their infrastructure “for as long as I can remember.”
Using Groups and Dynamic Groups, they are able to easily grant new hires access to relevant hardware and resources automatically.
“We use roles for different people based on how they’re defined in the HR system and then dynamically assign them to a group, which then gives them access to different hardware or resources,” he says. “Quite often, the approach I tend to take is having a device assigned to a group rather than an individual. As long as they’re in the same group, they can get the same access to a device. It’s very role-based rather than individual-based.”
Protecting devices with Policies and Commands
Their Head of IT says they’re using “quite a number of Policies”—10 or so—to further shore up the security of their environment and maintain compliance.
Locking down Windows is one of the main things we use Policies for, we also use it to disable particular accounts and force Windows updates—things like that.
Head of IT
Additionally, the team is also using JumpCloud Commands to keep devices and systems safe.
“We have a couple of custom commands that, on login, check that users have all the apps they need to have installed—like antivirus and services like that,” he continues. “We also have some scripts we run on machines that report back to our centralized system once a day so that we can see trajectories of how resources are being used, such as RAM and disk space.”
Due to the nature of their industry, a lot of their employees are “power users,” their CIO says, adding that most require “admin access on their machines in order to install IDEs or extensions to their development workflow.”
“It’s tougher to do full restrictive access, so we use policies and scripts to control as much as we can,” he explains.
Restricting access with MFA & JumpCloud Protect
They are using two-factor authentication (2FA), multi-factor authentication (MFA), and JumpCloud Protect to ensure only authorized users are able to access systems and apps.
“I don’t think there’s a service we have nowadays that doesn’t have two-factor authentication,” their Head of IT says.
Improving IT efficiency as the JumpCloud deployment expands
JumpCloud has enabled their team to streamline IT operations, keeping IT headcount to a minimum while the team begins rolling out JumpCloud to other companies in the wider portfolio.
“It’s allowed us to have a small internal team supporting a large and diverse workforce across all of our portfolio,” says the CIO. “It’s easy for us to find devices, easy to go in and help people with their machines—just general IT support has gotten simpler than it was. We are able to solve a lot of problems quickly and more remotely with JumpCloud.”
Using Directory Insights, JumpCloud’s event logging and compliance feature, they have been able to quickly find the information needed to solve IT problems.
Directory Insights contain a wealth of information, quite often, a lot of the problems people have are solvable through there.
CIO
Keeping pace with their own growth
Every year, their clients add on additional security and compliance requirements. With JumpCloud always adding new features to its already feature-rich solution, the team has been able to meet them with ease.
“From the beginning, our relationship with JumpCloud has been: ‘It doesn’t quite do this yet, we wait six months, it does this now, and then we implement it,’” the CIO says. “For us, the biggest metric to grading the success of JumpCloud is: Are we secure? And the answer is yes.”
Both their CIO and their Head of IT are quick to recommend JumpCloud to other companies.
“It’s worked for us for a long time and we are both big advocates,” the CIO explains. “Whenever someone’s using Google, we recommend JumpCloud. It meets all of our needs for security and compliance.”
Any tips for folks starting out with JumpCloud?
“Lean into it,” says the CIO. “It’s the best thing we did. We’ve never run into any major hurdles. Integrate it as your central system and build layers of security on top of it. You’re building your business around great technology.”
Their Head of IT suggests starting small rather than trying to “go too deep into the rabbit hole.”
“Keep it simple,” he concludes. “Identify the aspects of the tool you want to use and stick with those to start.”
About JumpCloud
JumpCloud® delivers a unified open directory platform that makes it easy to securely manage identities, devices, and access across your organization. With JumpCloud, IT teams and MSPs enable users to work securely from anywhere and manage their Windows, Apple, Linux, and Android devices from a single platform.
To see the power of JumpCloud yourself, request a demo or start a 30-day trial today.