By Rajat Bhargava Posted September 16, 2015
As more organizations move to the cloud and implement BYOD (Bring Your Own Device) policies, many are overlooking a very important issue: security and usage policies on systems. We often hear from organizations that the endpoint is not their concern. A person’s desktop, laptop, or mobile device is really out of scope to lock down.
The common argument goes like this: The organization is leveraging Google Apps (now G Suite™) as its core productivity platform, and virtually all applications are SaaS-based. Technical personnel are leveraging AWS® or Google Compute Engine™ for their infrastructure and GitHub™ for their code. There are no servers or systems hosted on-site, just the WiFi network that connects out to the Internet. Since everything is basically in the cloud, nothing is on a user’s device. Documents, code, and data all live in the particular SaaS or IaaS provider’s infrastructure. And because of all this, companies think they don’t need to worry about securing their systems.
There are three significant flaws in this line of thinking:
Flaw 1: The end user’s machine is what accesses all of the different cloud-based services. A machine that has been compromised can be leveraged in any number of ways, including the attacker scraping credentials to those SaaS and IaaS services.
Flaw 2: A user often downloads data from the cloud onto their device. Copies of documents and code often end up on the end user’s machine.
Flaw 3: Auditing and compliance become complicated to manage, because companies will have to audit devices and verify their compliance manually.
Whether your organization currently leverages BYOD or you believe endpoints are disposable, one thing is (or should be) indisputable: security and usage policies on systems should be tightly managed. End user systems can be a significant conduit to security breaches.
How to Make Usage More Secure
There is a way to control and lock down your systems without the heavy lifting of most systems management solutions. JumpCloud® Directory-as-a-Service® is a cross-platform service that authenticates, authorizes, and manages users and their devices.
Controlling access to the device is the critical first step in controlling security and dictating usage policies. User credentials are one of the most critical digital assets in an organization. Centrally controlling who has access to devices is vital to ensuring that devices aren’t compromised. Central control can help ensure that passwords are strong and rotated as appropriate. It can also help IT admins set policies, update software, and ensure usage is appropriate. Directory-as-a-Service solutions have the ability to execute these tasks and set these policies centrally and on all three major platforms: Linux®, Mac®, and Windows®.
If you are concerned about your end users’ devices and you want to decrease the risk of a security breach, give JumpCloud Directory-as-a-Service a try. JumpCloud will help secure your systems, set policies, and control usage. One directory really can manage it all.