Remote Work and Personal Devices
As the world abruptly shifted to remote work in 2020 in response to the global pandemic, IT departments struggled to ensure that their users had access to the resources they needed in a secure way. One major issue that arose was the use of personal devices to access corporate resources, which spawned the adoption of new bring your own device (BYOD) policies. While companies have adopted BYOD policies, many organizations still cannot properly secure these devices. According to a 2020 BYOD study by Bitglass:
- Over 26% of organizations lack visibility into even basic mobile applications such as email on personal devices
- Over 72% of organizations either lack BYOD malware protection entirely or rely upon endpoint installations
- Over 42% of participating organizations stated that they couldn’t verify whether or not internal BYO devices were exposed to malware infections
These stats are alarming, but not surprising given the abrupt transition to remote work. You may be wondering whether you need a BYOD policy, or whether the one you have in place is effective. Whether you have a policy in place or not, the concept of Conditional Access, which is grounded in Zero Trust principles, can help you ensure that your company's resources are only accessed from devices that meet conditions you define, such as being enrolled in and managed by your directory.
What Is Conditional Access?
Conditional Access Policy: "Block Access to Applications If Not on JumpCloud Managed Trusted Device"
The above is a good example of how Conditional Access fits into your security strategy. Conditional Access adds a layer of security on top of your existing authentication: a user must satisfy specific conditions before gaining access to your company's IT resources, and those conditions are evaluated even when the user presents valid credentials. In other words, a correct password and MFA code are necessary but no longer sufficient. In the example policy above, Conditional Access lets you control which resources unmanaged devices may reach; in this particular case, an unmanaged device cannot access any application at all. You can think of Conditional Access as a set of policies, each made up of conditions and an action, that together implement practices such as Device Trust (only enrolled, managed devices get in) and Network Trust (only approved networks get in).
Conditional Access is rooted in the security philosophy of Zero Trust. Zero Trust means that IT admins and security personnel trust nothing by default and verify everything, especially every attempt by an end user to reach critical organizational data and resources. Zero Trust does not treat a request as legitimate just because it arrives from behind a firewall, over an encrypted channel, or with valid credentials; the right person may not be the one holding those credentials. Instead, each request has to be checked against explicit requirements so that the right users get access to the right resources in a way that meets IT security policy. Fundamentally, Conditional Access gives admins an easier path to implementing the core of the Zero Trust model by tailoring that verification layer to the needs of their users and organizational requirements.
Why Is Conditional Access Important?
With a global shift to remote work, the security perimeter has changed. Accessing email, Google Docs, or even HR resources from personal devices may look low-risk, but more and more employees now rely on home networks or personal devices to reach corporate resources that contain sensitive and confidential information. Without the ability to ensure that the fundamentals are in place, including basic endpoint and network protections, IT admins can be blind to severe gaps in their security posture. And yet many employees need the flexibility to work outside the corporate domain and can do so responsibly. Conditional Access gives IT admins the ability to curb the use of unmanaged devices on insecure networks while still granting the right employees access once the security requirements are met.
How Does Conditional Access Work within JumpCloud?
With JumpCloud’s Conditional Access capability, you can secure the use of managed and unmanaged devices, network access, and the management of identities from a single cloud directory platform. In this quick example, we’ll help tackle the BYOD challenges posed above by building out our example policy.
Once in the JumpCloud console, these are the steps you need to take:
- On the left-hand side of the page, click Conditional Policies under Security Management.
- Click the green (+) button in the top left-hand corner.
- Once the policy screen appears, name your policy, e.g., "Block Access to Applications If Not on JumpCloud Managed Trusted Device."
- Scroll down to the Conditions section and select “add condition.”
- Choose “Device.”
- Select “Unmanaged device.”
- You can then choose your action; for the BYOD policy, click “Deny access to selected resource.”
- Lastly, click “update policy.”
What Is the Excluding User Groups Feature? Why Is It Important?
You may have noticed a field titled "Excluded User Groups." This lets you exclude certain groups from the policy "Block Access to Applications If Not on JumpCloud Managed Trusted Device." For instance, you could exclude your executive group if you don't want this policy to apply to them.
We do not recommend excluding any user from your BYOD policy: an exclusion means those accounts can reach every application from an unmanaged device, and an executive group is exactly the set of accounts an attacker most wants. If you do exclude a group, keep it small, review the exclusion periodically, and remember that it bypasses this one policy only, not your credential or MFA requirements. With the Excluded User Groups feature, you can nonetheless amend your Conditional Access policies to fit the needs of your company.
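To make the evaluation order concrete, here is an added example (not JumpCloud's code or API) of a minimal Conditional Access evaluator that mirrors the policy built in the console steps above and the excluded-groups behaviour just described. The `AccessRequest` and `ConditionalPolicy` types, the field names, the `UNKNOWN` device state and the sample requests are all assumptions constructed for illustration; the point it shows is that credentials are checked first, that a device whose posture cannot be verified is treated as unmanaged (fail closed), and that an excluded group skips the policy entirely.

```python
"""Added example, not JumpCloud's code: a toy Conditional Access evaluator.
All names, fields and sample data below are constructed for illustration."""
from dataclasses import dataclass, replace
from enum import Enum
from typing import Callable, Dict, FrozenSet, List, Optional, Tuple


class DeviceState(Enum):
    """Device posture as reported by a (hypothetical) directory agent."""
    MANAGED = "managed"      # enrolled, agent reporting in
    UNMANAGED = "unmanaged"  # personal / BYO device with no agent
    UNKNOWN = "unknown"      # agent present but not reporting (stale or tampered)


@dataclass(frozen=True)
class AccessRequest:
    user: str
    groups: FrozenSet[str]
    device: DeviceState
    credentials_valid: bool   # password + MFA already verified upstream
    resource: str


@dataclass(frozen=True)
class ConditionalPolicy:
    name: str
    condition: Callable[[AccessRequest], bool]   # when True, the action applies
    action: str                                   # "deny" or "allow"
    excluded_groups: FrozenSet[str] = frozenset()
    resources: Optional[FrozenSet[str]] = None   # None means every application


def is_unmanaged(req: AccessRequest) -> bool:
    # Fail closed: posture we cannot verify is treated as unmanaged.
    return req.device in (DeviceState.UNMANAGED, DeviceState.UNKNOWN)


# The policy from the console steps above, expressed as data (assumed shape).
BLOCK_UNMANAGED = ConditionalPolicy(
    name="Block Access to Applications If Not on JumpCloud Managed Trusted Device",
    condition=is_unmanaged,
    action="deny",
)

# Same policy with an executives exclusion, as in the "Excluded User Groups" discussion.
BLOCK_UNMANAGED_EXEC_EXEMPT = replace(BLOCK_UNMANAGED, excluded_groups=frozenset({"executives"}))


def evaluate(req: AccessRequest, policies: List[ConditionalPolicy]) -> Tuple[str, str]:
    """Return (decision, reason). Conditional Access sits on top of authentication,
    so bad credentials are rejected before any policy is consulted."""
    if not req.credentials_valid:
        return ("deny", "authentication failed")
    for policy in policies:
        if policy.resources is not None and req.resource not in policy.resources:
            continue                      # policy scoped to other resources
        if req.groups & policy.excluded_groups:
            continue                      # user is exempt from this policy only
        if policy.condition(req):
            return (policy.action, policy.name)
    return ("allow", "no conditional policy matched")


def exempt_users(requests: List[AccessRequest], policy: ConditionalPolicy) -> List[str]:
    """Audit helper: which users would bypass this policy via an excluded group?"""
    return sorted({r.user for r in requests if r.groups & policy.excluded_groups})


# Constructed sample traffic, not real users or devices.
SAMPLE_REQUESTS = [
    AccessRequest("alice", frozenset({"engineering"}), DeviceState.MANAGED, True, "payroll"),
    AccessRequest("bob", frozenset({"sales"}), DeviceState.UNMANAGED, True, "payroll"),
    AccessRequest("carol", frozenset({"sales"}), DeviceState.UNKNOWN, True, "payroll"),
    AccessRequest("dave", frozenset({"sales"}), DeviceState.MANAGED, False, "payroll"),
    AccessRequest("eve", frozenset({"executives"}), DeviceState.UNMANAGED, True, "payroll"),
]


def decisions(policies: List[ConditionalPolicy]) -> Dict[str, str]:
    """Decision per sample user under the given policy set."""
    return {r.user: evaluate(r, policies)[0] for r in SAMPLE_REQUESTS}


if __name__ == "__main__":
    for label, pol in (("no exclusion", BLOCK_UNMANAGED), ("executives excluded", BLOCK_UNMANAGED_EXEC_EXEMPT)):
        print(label, decisions([pol]))
    print("exempt from policy:", exempt_users(SAMPLE_REQUESTS, BLOCK_UNMANAGED_EXEC_EXEMPT))
```

Note that `dave` is denied for bad credentials even though his device is managed, and `carol` is denied because an unknown posture is not proof of a managed device; `eve` is only allowed under the second policy, which is precisely the gap the exclusion opens and that `exempt_users` is there to surface in an audit.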
Evaluate JumpCloud Free Today
If you’re new to JumpCloud and interested in learning more about the platform and how to achieve stronger security practices, evaluate JumpCloud today! JumpCloud Free grants new admins 10 systems and 10 users free to help evaluate or use the entirety of the product. Once you’ve created your organization, you’re also given 10 days of Premium 24×7 in-app chat support to help you with any questions or issues if they arise.