By Greg Keller Posted January 10, 2014
We were recently speaking with one of our customers and they relayed an interesting story to us. This organization is a fast-growing start-up that has enjoyed significant early success. They have close to 1,000 servers, and we have been working closely with them to see how we can help automate their server user management. They happen to have virtual as well as physical servers, and interestingly have built their own data center – which adds to the twist of this story.
Recently, the company was doing some audit work, and they ended up implementing a process for background checks. As with many growing organizations, the HR process lagged behind the rest of the critical product-release process, and as such they had not done checks on their team. When they did, they ended up with a pretty big surprise. It’s vital to know who has access to your systems.
Their key admin – the one that had full physical and network access to everything – was a felon who had been just released from prison prior to his hiring (years previous). Of course, this sent some shock waves through the senior team, but they quickly realized that this was an informational issue and not a risk issue in their case. The individual was a great employee – loyal, hardworking, and trustworthy. They were happy with the individual’s performance and had full confidence and trust in him. The real issue was that they had never implemented a process to understand who had user access to their infrastructure. Furthermore, if something untoward had happened prior to their installation of JumpCloud’s Directory-as-a-Service® platform, they would have been exposed to significant risk – and a lot of damage could have been done before any remediation process was complete. With JumpCloud, removing user access to their 1,000 servers could be done virtually instantaneously. Alternatively, JumpCloud allows the granting of fine-grained access privileges, meaning the individual could be given limited access.
Control Who Has Access to Your Systems
Setting aside the details of this particular event, the critical lesson here is to ensure that you know the people that have privileged user access to your infrastructure – and that you have the right information to make the best decisions for your organization. The background check process isn’t just for those subject to compliance; it can be a valuable tool for all companies. In the case of this user, the outcome was positive and there was no harm done, but without visibility and controls in place, this situation had the potential to become a significant problem.
If you would like to learn more about how JumpCloud’s cloud based directory service can centralize user management and help you audit who has access to cloud servers, systems, applications, and your network, drop us a note. We’d be happy to talk to you about how our Identity-as-a-Service platform can support your needs and control who has access to your systems. Alternatively, feel free to try our identity management platform. Your first 10 users are free forever.