Want to know one of the dirty little secrets of the IT world today? If you simplify user access rules, you will simplify your life. Historically, creating access rules based on who really needs to access servers or apps has been just plain hard to do with the tools that (until now) have been available to DevOps and IT pros. Manually creating that kind of access is out of the question, as it will just take too long and be too hard to track, let alone audit. Configuration automation tools, much like tools such as LDAP, make it simple to give your entire staff the same level of access. What about getting to the nitty-gritty of segmenting access for different development teams, QA teams, security researchers, and ops personnel? Well, that’s neither easy nor straightforward.
The challenge here is that DevOps and IT pros know that controlling access is one of the most critical things they can do to protect themselves. Granting access on a need-to-know basis, or under an access-type policy, significantly reduces the surface area available to attackers. It helps keep an inadvertent mistake from cascading into an enterprise-wide breach. It holds people accountable as well. When developers don’t have access to the production machines and only the ops folks do, changes can’t happen on the fly, and changes made on the fly are the kind that can lead to issues.
There’s no doubt that a more complex policy takes more work and more thought than a simple, one-size-fits-all policy. Until now, the problem has been that DevOps and IT admins haven’t had very good tools to solve this issue. JumpCloud® tackles this issue head-on with a good – no, great – tool: the Directory-as-a-Service® platform. Its Groups functionality is a fast and flexible way to create groups of users and servers. Groups allow you to quickly sharpen your user access policy to create separation and segregation. The result is greater accountability and much better security without the extra effort.
Also, with JumpCloud you can grant temporary SSH access to an individual. Our cloud-hosted directory service centralizes user management, provides hosted LDAP services, implements a RADIUS-as-a-Service solution, creates Single Sign-On across web and on-prem applications, enables device management, and drives security with MFA.
Give it a spin when you have some time. You will feel the power of doing the right thing without the pain of it!