By Natalie Bluhm Posted July 20, 2018
According to a recent report from Verizon, 81% of breaches are a result of stolen and/or weak passwords. That’s a staggering number and one that has only been increasing over the years. Traditionally, IT admins were focused on protecting the perimeter. However, the modern era requires a zero trust concept, a concept that starts with securing your identities by building an identity security tool or program to protect your critical digital assets.
In order to understand why it’s no longer enough to solely focus on protecting the perimeter, we need to go over how the IT landscape has transformed. First, though, what do we mean by securing the perimeter?
Legacy Security Practices
Historically, the IT network was based on Microsoft® Windows®, it was located on-prem, and IT admins utilized Microsoft Active Directory® (MAD or AD) to manage users and IT resources. In this setup, user identities and IT resources were kept safely at the center of the network, and IT focused their security efforts on implementing strong defenses (like a firewall) at the perimeter of the network. This security setup was often referred to as “hard on the outside, soft on the inside.” The downside to this network architecture is that it assumes all communication taking place within the network is harmless.
This assumption might have been justifiable when environments were on-prem and users had to be in the office to access work material. However, changes to the IT landscape have demanded a new mindset—one that doesn’t trust so easily. Let’s take a look at the changes that have impacted legacy security practices.
Changes in IT Call for Rethinking Security Practices
Today, resources aren’t kept at the center of an on-prem network. In fact, the perimeter has largely disappeared because end users are leveraging cloud-based solutions like AWS® cloud servers, G Suite™ (formerly Google Apps) and Office 365™, SaaS applications, cloud file servers, and much more.
Further, employees and contractors are working from anywhere in the world. Their access may not be from a heavily fortified office, but rather a café with no security. Regardless of what solutions are being used and where they are being used from, IT organizations are now tasked with ensuring that identities are kept safe, not just securing the perimeter of the network. So, what are IT admins using for an identity security tool?
Finding a Modern Identity Security Tool
In the past, Active Directory was by-and-far the leading identity security tool. AD is challenged, however, when it comes to securing identities in a cloud environment with non-Windows resources. It simply wasn’t created to manage this type of environment. With breaches on the rise and their impact more pronounced than ever, it makes a lot of sense that IT organizations are searching for a new identity security tool.
JumpCloud’s Identity Security Tool
JumpCloud builds upon the concept of the traditional identity provider, but does more as it securely connects users to virtually all of the IT resources they need. Each identity is protected with one-way hashing and salting, and IT admins have the ability to enforce multi-factor authentication, SSH key authentication, password complexity, and more. Additionally, the core cloud identity management infrastructure is secured with a variety of different mechanisms and utilizes a multifaceted, in-depth approach. Read more about JumpCloud’s Security here.
Paranoia does not work retroactively, so don’t postpone implementing a modern identity security tool. Get more information about securing identities with JumpCloud by dropping us a note. Interested in testing our cloud identity management solution? Sign up for a free account where you’ll be able to explore all of our features. Your first ten users are even free forever.