Admin Activity Monitoring

By Rajat Bhargava Posted January 23, 2014

DevOps and IT admins have an interesting security problem that they need to solve. With an exploding number of cloud and virtual servers at places like AWS, Google Compute Engine, and SoftLayer, an increasingly technical workforce, and the trend towards using 3rd party technical experts, how do these modern day company leaders ensure that the right things are happening on the right servers at the right times? With all of this activity, is it just too hard to track and monitor everything?

DevOps and IT admins are privileged users who wield great power – and responsibility – over an organization’s IT infrastructure. One mistake, with, say, a command executed as root, could spell disaster – downtime, loss of revenue, or even loss of data are very real risks that organizations face every day. And that’s the positive case. You read about the more negative cases every day in the newspapers: a malicious user finds a way to obtain root access on a box, or potentially a whole infrastructure, and does damage. This happened in the three most recent high profile breaches, including SnapChat, Target, and MongoHQ. The hacker could then exfiltrate key data and compromise the organization’s end users, intellectual property, or even the organization’s employees. Security is always a critical issue.

Security Under the IT Admin Time Crunch

The challenge that DevOps and IT admins face is that systems today generate a tremendous amount of log data, and reviewing all of that data just isn’t possible. A log analysis system or SIEM just pushes the work around – you get a better interface to look at the data, but you still have to look. You need to know what to look for, make the queries, and then interpret the results. That approach doesn’t account for the time pressure that DevOps folks are under.

JumpCloud has been thinking about this problem for quite a while. Fundamentally, we think this process needs to be automated – from collection of the data to analysis and interpretation. That’s a tall order, no question, but until that happens, the task of monitoring admin activity will still be too manual, time consuming, and ad hoc.

That’s why JumpCloud is striving to automate the analysis of privileged user access for mistakes and potential malicious activity, as well as presenting our users with the critical issues.

If managing user access to cloud servers is a problem that you feel like you need help with – give JumpCloud’s Directory-as-a-Service® a try and work with us to solve your problems. We know that this is a big problem and our approach could change the game for IT folks. We are continuously getting feedback and suggestions from our customers and adding capabilities every day.

Rajat Bhargava

Rajat Bhargava is co-founder and CEO of JumpCloud, the first Directory-as-a-Service (DaaS). JumpCloud securely connects and manages employees, their devices and IT applications. An MIT graduate with two decades of experience in industries including cloud, security, networking and IT, Rajat is an eight-time entrepreneur with five exits including two IPOs, three trade sales and three companies still private.
