By George Lattimore Posted July 11, 2018
Did you know the number one cause of companies being breached today is the compromise of identities? It’s true, and what’s more, identity compromise is first by a country mile: 81% of all breaches are based on identity theft or compromise (Verizon). With this in mind, it’s no wonder that every IT organization’s foundation revolves around an identity security solution. Let’s take a look at why some identity security solutions work better than others.
New Era for Identity Security Threats
For IT organizations everywhere, dealing with a new generation of security threats is critical. It used to be that the risk was purely external, as threats amounted to outside port scanning and the vulnerability of unpatched systems. While external threats are still an issue, the bad guys have learned an unfortunately powerful trick—it’s easier to compromise a key identity, which gives them a free pass into the network. Major breaches like Target® and Sony® confirm that viewpoint.
Figuring out identity security has been quite the long and winding road. Before identity breaches were a common occurrence, Microsoft® Active Directory® (AD) was the core identity provider for most organizations, and the predominant on-prem directory service. Historically, AD has done an excellent job of managing Windows systems and application access, but continues to struggle with non-Windows® IT resources. That’s why IT organizations have leveraged solutions such as identity bridges, web application single sign-on platforms, privileged identity management, multi-factor authentication, and much more. With so many disparate solutions, it’s becoming even more challenging for IT organizations to create security around their identity management infrastructure.
As end users continue leveraging more online resources for their personal activities than ever before, you can start to see why there are significant problems emerging around identity security. End users have been known to reuse the same login credentials across both personal and work resources, and with so many passwords to remember, it’s understandable that they might start to get a bit lazy with their password strength. This is one argument for adopting a zero trust network architecture.
A Core Identity Security Solution
Despite mounting evidence that keeping identities secure is a challenge, there is an identity security solution that can help. Called JumpCloud® Directory-as-a-Service®, this cloud identity provider is dramatically stepping up security fortifications for protecting identities. While there are a number of ways that this modern directory services platform makes this happen, at the core, this cloud directory ensures passwords have been one-way salted and hashed.
Not sure what this means? It’s a catchy way of describing how passwords are stored, and assuming the process is done correctly, it makes it nearly impossible to crack a password through automated systems. Specifically, passwords are combined with automatically generated numbers on the way into a system to create a fixed-length cryptographic hash, which is then salted with an additional number for storage—that’s one-way salting and hashing. When a user enters a password into the system, the hashing and salting process is repeated, and the result is compared to the stored original to authenticate the user.
We do this because it leaves no encryption key, stored on the system or elsewhere, that can be found and used to compromise passwords. Each password must be guessed, because if the salt and hash are strong enough, modern computers can’t crack the password.
Furthermore, IT admins can add multi-factor authentication to their application and device access—a significant yet easy-to-implement deterrent to an identity compromise—and server access can be controlled through SSH keys. Password complexity can also be set using a variety of parameters to ensure long, strong passwords that users hopefully are not reusing elsewhere.
Learn more about JumpCloud Directory-as-a-Service
As a core identity security solution, JumpCloud does more than just take security seriously. With a private PKI infrastructure for two-way TLS authentication and encryption between our servers and each agent, this modern cloud identity provider can be a dramatic step up for IT organizations. Further, independent audits and penetration tests are conducted and integrated multiple times a year by qualified third-party assessors to ensure tight operational and security processes.
If you’re interested in hearing more about how JumpCloud can be an identity security solution for your organization, please contact us directly. One of our product experts will be happy to answer any questions you might have, and give you a personalized demo tailored to your security priorities. Ready to explore the platform for yourself? Go ahead and sign up. It’s free, and so are your first 10 users.