By Greg Keller Posted July 25, 2016
A unified cloud directory is the central source of authentication for virtually all of an organization’s IT assets. These assets can include systems, applications, and networks.
The cloud directory service is a critical part of the security and compliance infrastructure. The directory helps to authenticate, authorize, and manage user access. The log and event data that it produces can be incredibly valuable for IT organizations. Directory-as-a-Service® from JumpCloud® features audit and event logging as a core capability of the cloud-hosted platform.
Recording Audits And Events
For an identity provider, the audit and event data starts with authentication requests to the devices and systems that it manages. JumpCloud’s architecture leverages a lightweight agent for Windows, Mac, and Linux devices. The agent communicates with the JumpCloud infrastructure via a mutual TLS connection. When a user authenticates to a laptop, desktop, or server, that login request is logged locally on the device. Those logs are regularly sent to the JumpCloud infrastructure, where the data is collected. Both successful and failed login attempts are stored.
In addition to critical system login data, JumpCloud also logs all events on its web console. An admin’s actions are stored within our logging and events system. Any changes to account information are logged, including the addition and termination of user accounts; modification of admin accounts; enabling services, such as Google Apps, Office 365, LDAP, and Single Sign-On; and any alterations to groups. End user console access is also logged, ensuring that IT organizations can provide audit data to regulators as well as review potential security events.
Documenting Compliance And Security Initiatives
Compliance and security activities are at the forefront of IT programs. Almost every day we hear about major breaches and security issues. Controlling user access is critical to compliance and security initiatives. In fact, identity theft is the number one method being used to compromise an organization.
An account is compromised and used as the gateway to the network and infrastructure. From there, data is stolen and the organization is breached. Reviewing log data from authentication events and looking for anomalous activity is a critical compliance and security step. JumpCloud’s event and logging data can be imported into any number of log analysis tools.
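As an added illustration of that kind of review (this is not JumpCloud code), the Python sketch below triages exported events for two patterns: a run of failed system logins followed by a success on the same device, and a modification of an admin account. It assumes the events have been saved one JSON object per line; the field names (ts, type, user, device, success, action) and the sample data are constructed for the example and are not JumpCloud's actual schema.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export, one JSON object per line. Field names are
# hypothetical and do not reflect JumpCloud's actual event schema.
SAMPLE = """\
{"ts": "2016-07-25T07:00:00", "type": "system_login", "user": "carol", "device": "db02", "success": false}
{"ts": "2016-07-25T07:00:10", "type": "system_login", "user": "carol", "device": "db02", "success": false}
{"ts": "2016-07-25T07:00:20", "type": "system_login", "user": "carol", "device": "db02", "success": false}
{"ts": "2016-07-25T09:00:05", "type": "system_login", "user": "alice", "device": "web01", "success": false}
{"ts": "2016-07-25T09:00:20", "type": "system_login", "user": "alice", "device": "web01", "success": false}
{"ts": "2016-07-25T09:00:41", "type": "system_login", "user": "alice", "device": "web01", "success": false}
{"ts": "2016-07-25T09:01:02", "type": "system_login", "user": "alice", "device": "web01", "success": true}
{"ts": "2016-07-25T09:02:00", "type": "system_login", "user": "bob", "device": "lap07", "success": false}
{"ts": "2016-07-25T09:02:30", "type": "system_login", "user": "bob", "device": "lap07", "success": true}
{"ts": "2016-07-25T09:03:10", "type": "admin_change", "user": "dave", "action": "admin_modified"}
{"ts": "2016-07-25T09:04:00", "type": "admin_change", "user": "erin", "action": "user_added"}
{"ts": "2016-07-25T09:05:00", "type": "system_login", "user": "carol", "device": "db02", "success": true}
"""

def triage(lines, threshold=3, window=timedelta(minutes=10)):
    """Return (rule, user, timestamp) findings from JSON-lines events."""
    failures = defaultdict(deque)  # (user, device) -> recent failure times
    findings = []
    events = [json.loads(l) for l in lines.splitlines() if l.strip()]
    # Agents upload in batches, so order by event time before correlating.
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "system_login":
            recent = failures[(ev["user"], ev["device"])]
            while recent and ts - recent[0] > window:
                recent.popleft()  # forget failures older than the window
            if ev["success"]:
                if len(recent) >= threshold:
                    findings.append(("failures_then_success", ev["user"], ev["ts"]))
                recent.clear()
            else:
                recent.append(ts)
        elif ev["type"] == "admin_change" and ev["action"] == "admin_modified":
            findings.append(("admin_account_modified", ev["user"], ev["ts"]))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

In the sample, alice's three failures inside the window are flagged, bob's single mistyped password is not, and carol's failures are ignored because they happened two hours before her successful login.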
Directory-as-a-Service®: Communicating A Complete Data Story
JumpCloud’s Directory-as-a-Service® feature for audit and event logging is provided via a REST API. The data is returned as a JSON object and can be easily manipulated and post-processed as desired. If you would like to learn more about how to use our audit and event logging feature, please check out our Knowledge Base. Also, if you would like more information on our cloud identity management platform, drop us a note. Or, please sign up for a free account. Your first 10 users are free forever.