Tracking events and access to resources plays a crucial role for IT administrators at organizations that need to prove compliance. For Service Organization Control 2 (SOC 2) compliance, an event logging solution covers several of an organization’s requirements. Using JumpCloud® Directory Insights™, IT administrators can centralize their governance needs with their directory service in the cloud.
What is Directory Insights?
JumpCloud’s premium Directory Insights feature provides event logging across the entire Directory-as-a-Service® platform. Directory Insights details events such as password and group membership changes, as well as any alterations to SSH keys or MFA status. Access to Windows®, Mac®, and Linux® systems and to SAML, LDAP, and RADIUS resources is tracked as well, along with every time a user logs in to their JumpCloud User Portal.
Directory Insights is available in the JumpCloud Admin Portal’s Insights tab, so you can visualize your audit logs and make any necessary changes to users and their access rights through a single pane of administrative glass in the cloud, or through scripting in PowerShell. Admins can opt to use Directory Insights as their sole event logging tool, or tie it into a Security Information and Event Management (SIEM) or other analytics solution through the JumpCloud API.
Directory Insights and SOC 2 Compliance
SOC 2 compliance is unique to each organization’s specific operations, but it is broadly stipulated through five key Trust Service Criteria (TSC) as detailed by the American Institute of CPAs (AICPA): security, availability, processing integrity, confidentiality, and privacy. Directory Insights supports these by building an audit trail of a Directory-as-a-Service instance that admins can use to identify potential vulnerabilities and address them, respond in the case of a security incident, and prove they have the ability to do so.
Let’s break down how Directory Insights supports each of the SOC 2 TSC.
The Directory Insights UI provides event logs that show admins when and where (by IP address) users access the tools they’ve been authorized to use, as well as any changes to their group membership, passwords, or access rights. If an event appears to be unauthorized, the admin can use these insights to take immediate action to uncover the issue and deny access if necessary.
Directory Insights informs admins how users access their endpoints in real time. To keep operations running smoothly, especially customer-facing ones, an audit trail can provide a bill of health for critical systems, especially when combined with a system configuration monitoring tool like JumpCloud System Insights™.
IT admins need data across all of their services, including access logs, to prove for auditing purposes that data follows its proper, secured path through an organization. Directory Insights provides admins with centralized event logging across JumpCloud’s core directory to minimize the chain of custody and processing events. With the Activity Log in the Admin Portal, admins can filter Directory Insights data to home in on specific services and events and find the processing data they need in a few clicks.
While solutions like encryption are required by SOC 2 to guard stored customer data, admins also need to restrict access to confidential data by specifying which users can access it, and apply multi-factor authentication (MFA) to protect access points. Admins can implement these requirements through Directory-as-a-Service and confirm the proper confidentiality processes were implemented through Directory Insights.
Directory Insights shows admins and auditors any changes that have been made to user accounts, including group membership or password updates. If an admin authorizes access by the principle of least privilege, any potentially compromising changes can be identified through the event logs, and addressed at once to maintain privacy.
What is Directory-as-a-Service?
Directory-as-a-Service (DaaS) is the first cloud directory service, providing cloud access control and device management, including MFA and full disk encryption (FDE), among other security features for SOC 2 compliance. Our internal IT team uses JumpCloud to meet SOC 2 Type 2 compliance and to handle JumpCloud’s identity and access management.
For even more visibility for auditing and governance purposes, admins can also employ System Insights™ to see a snapshot of system performance and configuration data across their fleets, which also proves useful for SOC 2 compliance by providing actionable insights in terms of the five TSC laid out above.
You can try Directory-as-a-Service, as well as Directory Insights and System Insights, free for 10 users, forever. We include 10 days of complimentary, 24×7 live chat-based support in the product to help you get started.