This guest post is by Mike Merideth, senior director of IT at VictorOps. VictorOps is a Boulder based company in the DevOps space doing some really innovative things around helping teams be more efficient, including our team here at JumpCloud®. We’re proud to count VictorOps as one of our customers, and we appreciate all the insightful feedback they have given us.
The SaaS industry is exploding, with new products hitting the market every day. It seems there is no business function too small to be addressed, and value-conscious organizations are eager to enjoy the cost savings and easy management of SaaS wherever they can. Of course, it’s possible to get too much of a good thing. With point solutions proliferating, small, tightly run companies need to consider the overhead of managing potentially dozens of vendor relationships and integrations. So how do you determine which SaaS solutions make sense?
When evaluating a service-type solution for a business need, it’s important keep a few considerations in mind:
- Will it save money? Will outsourcing this function cost less than in-sourcing it?
- Will it solve a real problem? Does the SaaS solution address all of the business requirements? Is it addressing a real need, or is it a solution in search of a problem?
- Will it save time? Will using this vendor free up internal resources to work on bigger priorities?
VictorOps uses SaaS for several internal functions. JumpCloud’s Directory-as-a-Service® is our choice for user and system security management, because it provides good answers to all of the above questions. It addresses the critical need and meets our requirements: it’s cost-effective and a time saver.
A Real Need
Every organization operating on the Internet needs to address network security, just as every business with a storefront needs a lock on the door. But all too often, security takes a back seat to other priorities in the early stages of a company’s lifecycle. At VictorOps, we knew from day one that we needed to take security seriously. But network security can be difficult to implement, is always difficult to monitor, and in traditional IT organizations, represents a specialist discipline. JumpCloud gives us a huge leg-up with network security by taking some of the more tedious and easy-to-neglect tasks and making them just happen, everywhere and all the time.
A Real Solution
JumpCloud addresses user management and basic security monitoring in a way that’s easy to get going and useful right away. Even if you have a configuration management system running, it can be easy to forget little details that can leave you vulnerable. JumpCloud excels at finding these details and bringing them to your attention, across your infrastructure. We were lucky enough to be able to participate in JumpCloud’s beta, and when we first fired it up nearly a year ago, we had actionable intelligence that we were able to use to improve security right on day one.
User management is similarly easy to implement, and gives your organization the ability to grant and revoke access for a single system or your entire network in near-real-time. Building this sort of user management Nirvana ourselves would have taken us months, and provided no visible benefit to our end-users. Instead, we got to concentrate on our own product and once again let JumpCloud sweat the details. We win, and our customers win because we’re focused on them rather than solving internal problems.
It’s hard to quantify the value of system security, and maybe that’s why we tend to think of it entirely in terms of cost. Of course, if you’re a bank, it’s pretty easy to put a value on a good vault (the value of whatever it’s holding). In the IT world it’s not always so clear-cut. Damage to reputation, loss of revenue, loss of IP assets, these are all real consequences of poor security, but they’re nearly impossible to forecast, so it’s difficult to budget your security strategy against those factors. A better way to think about it then, is in terms of human cost and value. Anyone who has participated in a post-mortem and recovery after a security breach has some idea of the immense time sink that such an event can become.
So, thinking of it in that way, it’s pretty easy to balance the time that forensics and recovery take (and the cost of that time) against the time it takes to protect your network. No security preparations can protect you from every attacker, but a few basic measures can keep out 99% of the “script kiddies” that are out there trolling for an easy kill. And that’s where JumpCloud shines. They make it easy and quick, both to implement those measures, and to ensure that they stay in place. A configuration audit that would take hours if done manually just happens, automatically and repeatedly.
At VictorOps, we’re very excited about the future of SaaS and are always looking for new ways to use others’ products to build value around our own. JumpCloud’s Directory-as-a-Service hits the sweet spot for us by effectively addressing a real problem, and solving it for us in a way that saves money and time, and it allows us to keep our focus where it needs to be: building the best product we can for our customers.