Advanced Access Control for Servers

Written by Rajat Bhargava on January 12, 2016


Today, servers are a critical part of every organization. Infrastructure-as-a-Service providers, such as AWS, Google Compute Engine, and DigitalOcean, are making it simple and cost-effective to build out server infrastructure. Those servers provide critical applications not only internally but also externally to customers. Servers that can be located anywhere in the world bring two challenges: controlling who has access to them and what access each person has. Historically, user management has been done manually, but modern technology delivers advanced access control approaches for servers.

User Access and Security Compliance Trends

User management systems for servers are a critical part of an organization’s IT infrastructure. Servers should require a unique login per user rather than shared accounts. Additionally, each account needs to be managed with the proper permission levels. As an organization grows, there should be bands or levels of access, often defined by role or type of job. This simplifies server access control and helps IT manage and organize access. User access should be audited for two reasons: to ensure that the right people are accessing the appropriate systems and to track the tasks that are carried out on the server. This not only ensures proper security levels, but also prepares an organization for any audit or compliance requirements.

Password Complexity is Never Passé

As part of advanced access control, users should be required to have complex passwords or to utilize SSH keys. Ideally, the organization would leverage SSH keys as that is a more secure mechanism of access. Smart solutions will help set high levels of password complexity, rotate passwords or keys on a regular basis, and ensure that old passwords cannot be reused. Another critical component of advanced access control solutions for servers is the ability to enforce multi-factor authentication.
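The controls above (keys rather than passwords, enforced multi-factor authentication, no shared logins) can be checked on a Linux server by auditing its OpenSSH server configuration. The following is an added example, not code from the article or from JumpCloud; the sample configuration is constructed, and the parser assumes whitespace-separated keywords and treats direct root login as a shared account.

```python
# Constructed sample sshd_config (not from a real host).
SAMPLE_CONFIG = """\
PermitRootLogin yes
PasswordAuthentication no
AuthenticationMethods publickey,keyboard-interactive publickey
PasswordAuthentication yes
"""

# OpenSSH defaults that apply when a keyword is absent.
DEFAULTS = {
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
    "permitrootlogin": "prohibit-password",
    "authenticationmethods": "any",
}

def effective_settings(text):
    """Global settings; sshd keeps the FIRST value it reads for a keyword."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()          # keywords are case-insensitive
        if key == "match":              # conditional blocks follow; stop at global scope
            break
        seen.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return {**DEFAULTS, **seen}

def audit(text):
    """Return findings for the controls named in the section above."""
    cfg = effective_settings(text)
    findings = []
    if cfg["passwordauthentication"].lower() != "no":
        findings.append("password logins allowed; SSH keys not enforced")
    if cfg["pubkeyauthentication"].lower() != "yes":
        findings.append("public key authentication disabled")
    if cfg["permitrootlogin"].lower() != "no":
        findings.append("direct root login permitted (shared account)")
    # Space-separated lists are alternatives; MFA holds only if every
    # alternative chains at least two comma-separated methods.
    if any(len(alt.split(",")) < 2 for alt in cfg["authenticationmethods"].split()):
        findings.append("an AuthenticationMethods alternative is single-factor")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

In the sample, the later `PasswordAuthentication yes` has no effect because the first value wins, while the second `AuthenticationMethods` alternative lets a key alone satisfy login.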

DaaS Fashions Advanced Access Control for Servers

Directory-as-a-Service (DaaS) is a key platform for managing access to servers. There are almost too many advantages to DaaS to name, but I’ll try. Users can be centrally managed for all three major operating system platforms: Windows, Linux, and Mac. DaaS controls access by natively creating, modifying, and terminating accounts on each platform. A lightweight agent is leveraged for each platform. IT admins can specify whether they require a specific level of passwords or SSH keys. Multi-factor authentication can be enforced for Linux systems (among other Linux management capabilities). DaaS works with on-premises servers or those hosted in the cloud. No VPN tunnels are needed as the agents and the Directory-as-a-Service infrastructure talk to each other over a secure mutual TLS connection.

If you would like to learn more about how Directory-as-a-Service can be your advanced access control solution for your server platforms, check out our access control case study or drop us a note. Or feel free to give JumpCloud a try. Your first 10 users are free forever.

Rajat Bhargava

Rajat Bhargava is an entrepreneur, investor, author, and CEO and co-founder of JumpCloud. An MIT graduate with over two decades of high-tech experience, Rajat is a ten-time entrepreneur with six exits including two IPOs and four trade sales.
