MSPs Must Prevent IAM Tool Sprawl

Written by David Worthington on February 9, 2022


The Mouse Trap game was a hit in my childhood home. It featured an animated board with a menagerie of components (a Rube Goldberg machine for kids) working sequentially to accomplish a single task: engaging a trap for a plastic mouse. All of the parts had to be assembled correctly and no individual component was “aware” that it was part of a system.

It’s a game of course, but surely there’s an easier way to capture a mouse with fewer moving parts involved. The same holds true for IT, where we have a tendency to overthink and overbuy to solve what is often a straightforward problem. For example, we’ve witnessed substantial growth in Identity and Access Management (IAM) as a result of “work from anywhere” becoming an indefinite scenario for small and medium-sized businesses (SMEs). There are many solutions for managing a growing number of identities, which has begun to fragment how identity is managed overall. There’s a tangible cost for SMEs, and it’s certainly not “fun.” 

For those who use them, Managed Service Providers (MSPs) are an SME’s most trusted technology advisor, and recommending the appropriate products and services is fundamental to that relationship. The market for MSP services has become more crowded, and a competitive advantage is always desirable, but it’s difficult to do more when staff are being pulled in too many directions. Piling on vendors only makes it more difficult for your team to focus on the highest (business) value jobs, because their time is cycled toward training and, in the worst case scenario, learning on the client’s dime. 

The universal challenges of vendor sprawl are feature overlap, budgeting, and an increase in vulnerable cyberattack surface areas. This article outlines how to assess your client’s IAM requirements and what JumpCloud can do for you. It also details the problems that vendor sprawl can and will cause SMEs. Our objective is for you not to become a “mouse” to big vendors, and to bring to the surface the potential risks that are involved with unregulated IAM vendor sprawl.

Our hope is that you’ll consider trying JumpCloud as an alternative that consolidates IAM tools, helps make your business more agile in response to clients’ business needs, and provides a path for sustainable growth. 

Why Fragmented Identities Are Undesirable

Identity sprawl is problematic because it compounds complexity for you and your team. The reality of fragmentation is that many identities exist in many systems. That makes basic, core tasks such as managing employee lifecycles and onboarding and offboarding needlessly more complicated. The fact is, fragmented IAM tools aren’t “aware” that other solutions are also managing identity. This has the cumulative effect of taxing your staff with endless busy work and acutely raising the costs, risks, and complexity of your clients’ existing IT infrastructures.

Each system is also a new potential entry point for attackers. Adding too many IAM tools adds to the attack surface area and raises cost for the resources required for deployment and ongoing management. It’s more practical to have a solid foundation that you can master and build upon to connect users to more things. As a result, your team’s time can be spent adding business value for your clients, and you won’t have to hunt down new hires with arcane skills.

Scaling your growth while meeting the demands of modern IT, where centralized IAM is more significant and strategic than ever, is key. We believe that our platform accomplishes that.

Turn Your Staff into Productivity Multipliers

My time spent as an IT director made evident the challenges that MSPs face, which aren’t unique to that segment: it’s difficult to both hire and retain good people. That operational burden is compounded when only a few individuals possess specialized knowledge about complicated IAM practices and related security tools. That can leave IT with a tendency to overthink and overbuy every “gee whiz” solution that’s available in the market. There are only so many places a person can be at once, while client demands only increase. I’ve also witnessed what happens when that singularly indispensable individual faces burnout and MSPs experience staffing shortages, because the requisite skills are too narrow and specific.

The solutions that you standardize on can help to address these challenges if you stop and ask the right questions. Nothing is as constant as change, and playing it “safe” with the same ol’ same ol’ could be your undoing in a marketplace where clients are more likely to switch their MSP than they were in the past. Unfortunately, lighting up the “board” with fragmented IAM solutions that increase complexity (for your team and your clients) won’t help either.

Assessing Your Requirements

MSPs should ask themselves:

  • Is it easier to train, manage, and certify my staff on many solutions, or is it more efficient to consolidate into a single platform of choice?
  • Are the skills to deliver and support the tool(s) concentrated in too few staff members?
  • Am I delivering the greatest value to my clients?
  • Will the service that I’m recommending provide an upgrade path, without dangerously increasing my time commitments per client engagement and overloading my staff?
  • Could we do more with less complexity?
  • Are customers more amenable to a single invoice versus managing multiple vendors simultaneously?
  • How good is the support and how many vendors will I have to chase down if something goes wrong?
  • Would the budget be better spent on value-added activities such as a security program or driving business enablement versus layering on more infrastructure?

It might surprise you, but we advise first taking stock of what you already have to work with. It’s possible that the capabilities that you require are already baked in or could be supplemented by a platform such as JumpCloud. For instance, we make it possible for Active Directory users to connect to more things without re-creating identities. Selling so-called “best-of-breed” solutions outside of an existing infrastructure may not be in the client’s best interests.

You’ll find that many services do essentially the same thing, with the exception being only a few specialized workflows that address very particular sets of problems, which may not be specifically what your client needs. Put yourselves in their shoes and consider the client’s perspective and the impact of adding more IAM tools prior to adopting something new.

The impact of IAM fragmentation is costly and could cascade into unforeseen problem areas. Here’s a quick checklist of questions to ponder before asking clients to open their wallets:

  • What do they already have?
  • Can it accomplish what we’re seeking to do next?
  • Is there a solution available that’s interoperable or is it time to migrate and drop legacy systems (and the associated overhead) and embrace the domainless enterprise?
  • Is the platform we’re considering interoperable with their other stuff? For example, is there a centralized directory that manages identities and/or secure access to resources?
  • What are their minimum requirements and do I really need much more than that?
  • Where do the services I’m considering overlap and, worse, do they create silos?

How Does JumpCloud Solve IAM Sprawl?

We’re built specifically for the SME marketplace and help MSPs consolidate everything that’s necessary to securely connect to services and data, while governing and managing devices cross-OS.

Here’s a brief overview of what JumpCloud’s platform is capable of delivering:

  • A centralized LDAP directory that can be a substitute for a domain controller.
  • A dashboard that streamlines governance and device/user lifecycle management.
  • Policies and root access (such as PowerShell) for management and automation.
  • Smart group management using attribute-based access control (ABAC) that applies business logic to group membership and makes dynamic recommendations for maintenance.
  • Single sign-on (SSO) with a growing library of pre-built application connectors and SCIM user provisioning. We also easily integrate with Microsoft 365 and Google Workspace.
  • RADIUS services with the possibility of integrating MFA as a challenge response.
  • VLAN steering via RADIUS group attributes.
  • Built-in, free TOTP multi-factor authentication (MFA) and JumpCloud Protect™ to push MFA, to deliver the most secure and user-friendly user experience possible.
  • Conditional Access policies, as a premium tier, to further secure remote access to IT assets with a Zero Trust posture.
  • The ability to customize and control OS patching throughout your fleet for every major OS, not only Windows.
  • Mobile device management (MDM) for Apple products to automate provisioning, app deployment, and policies.
  • And much, much more, including directory, device, and events monitoring and reporting.

These features are available in one place, without the managerial overhead of deploying, maintaining, supporting, and understanding disparate IAM tools from multiple vendors. We also provide JumpCloud University certifications to help MSP team members quickly master deployments to deliver clients greater value with far less operational difficulty and expense.

Try JumpCloud

The JumpCloud platform securely connects you to more resources, and is free for 10 devices and 10 users with complimentary premium chat support. Support is available 24×7/365 within the first 10 days of your account’s creation. MDM is fully integrated within the JumpCloud console and our directory agent operates without a domain controller or can coexist with Active Directory to extend its capabilities with a centralized slate of services.

David Worthington

I'm the JumpCloud Champion for Product, Security. JumpCloud certified, security analyst, a one-time tech journalist, and former IT director.
