At our most recent Office Hours panel discussion, JumpCloud® technical experts did a deep dive on how we approach device and password security — particularly in our new WFH reality.
End users access most, if not all, of their IT resources via their devices, so it’s crucial for IT administrators to properly manage, configure, and secure those devices. This is particularly true with remote devices that are outside IT’s traditional purview. Here, we’ll recap the session and give you concrete ways to secure your devices with JumpCloud.
Device at the Center of IT Security
JumpCloud is an all-in-one access control and device management platform, which means you can use it to manage user identities, provision them to IT resources, and configure their devices.
As JumpCloud Group Product Manager Brandon Hawkins noted: “The employee’s device acts as a conduit to the rest of their IT resources. As such, it should be tightly managed and secured.”
Devices should be locked down with measures like full disk encryption, complex passwords, and multi-factor authentication. Using JumpCloud, you can deploy GPO-like Policies to Mac®, Windows®, and Linux® machines, as well as execute custom commands, directly from the web-based Admin Portal. You can use these Policies and commands not only to enforce full disk encryption but also to set lock screens, disable external storage devices, and manage installed software.
Users can then employ core identities to access their machines, as well as other JumpCloud-managed resources including their web-based User Portals and single sign-on (SSO) applications.
Device-Based Password Changes
As part of JumpCloud’s device-centric strategy, you have the option to deploy native applications to both Windows and Mac machines for password management.
Rather than using web- or email-based forms, users are encouraged to change their passwords natively on their machines via these applications. This workflow is convenient for users, who don’t have to worry about VPNs or other cumbersome methods to change their passwords. It’s also more secure because you can educate users to change their passwords only on their machines and thereby avoid phishing attempts in web pages and emails.
“We would prefer you change the password from the system because it’s more secure that way,” Hawkins said. “We don’t have to have that additional attack vector.”
Password changes are also written back from users’ devices directly to JumpCloud’s core user repository and pushed to other JumpCloud-managed resources.
“The operating systems are secure,” Hawkins said. “We can initiate secure communications, like password changes, without having a man in the middle.
“We can also broker that password change out to all the connected resources and make sure everything is synced across the network.”
Users can also launch their User Portals directly from the native JumpCloud application, rather than finding and logging into a separate webpage.
Remote User Device Enrollment & Management
If you’ve not yet begun managing devices with JumpCloud, you can enable remote users to download the JumpCloud system agent on their devices directly from their User Portals.
In a few easy steps, users install the lightweight agent and you begin managing their machines with Policies and commands. You can then enroll Mac machines in JumpCloud MDM to begin using MDM commands, including remote wipe, lock, restart, and shutdown.
JumpCloud Customer Success Engineer Kevin Ruggiero said that this feature is designed to simplify the process for admins who would otherwise have to initiate a remote install.
“This is such a great feature,” Ruggiero said. “Especially working remote, it allows users to go in and do that and take away the part of doing a remote install or something like that.”
At JumpCloud, we’re continuing to prioritize and invest in device security measures that ease the experience for admins and users without sacrificing security — including zero-touch enrollment workflows and conditional access policies. Watch the full webinar recording here to hear more about the concepts and our product roadmap priorities.
We also host live Office Hours sessions every Friday with admins and JumpCloud technical experts to talk shop and share best practices. Register here to join an upcoming session.