This is Part 2 of our webinar recap featuring RedMonk’s Stephen O’Grady and General Atlantic’s Gary Reiner. Watch the full webinar here, or keep reading for the highlights. If you would like to read the first part, you can do so here.
So, we’ve learned that the perimeter security model is out-of-date. But how do organizations shift their security models in response?
Gary points out that if access is granted at the data level — by starting with encryption, then having a function of who can do what with it, and then guaranteeing that the user is who they say they are — that makes for a more secure environment.
When most of the destinations are outside of the perimeter, we need to rethink our IT and security models, which is exactly what JumpCloud was built to do. JumpCloud is a protocol-driven cloud directory platform, and it’s designed to secure users, resource access and devices — regardless of type or location.
Modernizing Our Models in Response
Ultimately, the security goal of a remote world would mean not having any perimeters. Security goes back to ensuring the person is who they say they are and ensuring their access is tailored to what they need to get their job done.
To understand this, we must answer this question: How do we make sure that validation is happening at each access point and transaction? Gary predicts that the core of cybersecurity in the not-so-distant future will be application and user controls, meaning that the cloud directory platform validates who a user is, how they’re accessing a resource, and that they are allowed to access that resources. Gary predicts that perimeter controls will still exist, but they will be peripheral security measures (or rather, “speed bumps” for hackers).
Gary also brings up these components of overall security:
- User management: Validate the user is who they say they are via some combination of credentials, multi-factor authentication (MFA), and other factors, like location.
- Device management: Confirm whether the device that user has is managed and configured, and whether it will do any damage to the environment.
- Network access: Once the user and device are validated, ensure the network they’re using is secure, via RADIUS if they’re in the office or via a VPN if they’re working on an unsecured network remotely.
- Resource access: Grant access only to the resources users need to get their jobs done, and verify their identity at each access point.
How Cloud-Based IT Fits in this New Model
Stephen and Gary both espoused the benefits of a cloud-based tool to control remote IT environments. Here are the main benefits they covered:
- Seamless security, regardless of location: As mentioned above, the directory shouldn’t be encased in a perimeter that doesn’t actually hold the bulk of work that your organization does.
- Vendor consolidation: A vendor that manages not just the directory but also MFA, network access, device management, user access management makes for a single source of truth for IT admins and end users alike.
- Cost savings: Vendor consolidation usually leads to cost savings. Using one vendor makes for a more powerful platform that you also don’t have to pay for each individual feature.
The JumpCloud Directory Platform was built to enable employees to work remotely from home, on the go, or at a remote branch office.
Making remote work happen doesn’t have to be impossible for your organization. Reach out to one of our representatives to see if JumpCloud can help you enable your team to remain productive during times of mass remote work. Otherwise, you can sign up for a JumpCloud Free account for full access to the platform’s functionality for up to 10 users and 10 devices, along with 10 days of in-app chat support with engineers, to see a cloud directory platform at work.