Securing Endpoint User Access

Written by Vince Lujan on May 9, 2018


Securing endpoint user access is critical for modern IT organizations. Essentially, it refers to the ability to securely manage and connect users to their laptops, desktops, and other enterprise devices – including the ability to revoke access when necessary. Endpoints are the conduit to an organization’s critical applications and data. In an age when over 5 million data records are lost or stolen every day, securing endpoint user access should clearly be a priority.

The challenge is to ensure that only the correct users have access to endpoints and to implement consistent security policies on them, whether they’re running Windows®, macOS®, or Linux®, and whether they’re on-prem or remote. This can be especially challenging if an organization wants to leverage a single identity management platform to not only secure user access to disparate endpoints, but also applications, files, and networks.

Fortunately, a next generation identity provider (a.k.a., a cloud directory) has recently emerged that was built to manage modern networks. However, before we highlight a few of the features of this comprehensive cloud-based solution as it relates to securing endpoint user access, we should talk about the concept of user access management for endpoints at a high level.

Intro to User Access Management for Endpoints


The concept of user access management is nothing new in IT. In fact, organizations have always needed the ability to control user access to IT resources, especially endpoints. As mentioned, endpoints are the conduits to an organization’s IT resources, and they can also store sensitive information locally. As a result, there are plenty of traditional approaches for securing user access to endpoints. However, when you consider that 2017 was marked as “the worst year ever” for data breaches, it’s easy to understand why admins are beginning to question the traditional solutions.

Traditional Solutions for Securing Endpoint User Access


Historically, IT has leveraged Microsoft® management tools like SCCM® (formerly SMS) and Active Directory® (AD) to provide secure user access to Windows-based endpoints. Microsoft tools such as these were introduced in the 1990s, at a time when Microsoft Windows was effectively the only game in town. So, it’s no surprise that Microsoft management tools like AD and SCCM have enjoyed great success.

One of the key advantages provided by Microsoft tools, as it relates to endpoints, is the Group Policy functionality. Group Policy refers to the ability to manage fleets of Windows-based systems at once, specifically via GPOs (Group Policy Objects). With GPOs, IT admins can remotely configure settings such as the screen lock timeout, USB port restrictions, and guest access, to name a few examples, and apply them to groups of Windows endpoints at once. As a result, IT could effectively leverage a single identity management platform to secure user access to all of the endpoints in their organization – given that enterprise IT environments were basically networks of Windows-based IT resources around the turn of the century.
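As an added example (not code from JumpCloud or Microsoft), the script below audits the three GPO-managed settings named above on a single Windows endpoint and reports which are not enforced; it assumes Windows 10 / Server 2016 or later with the LocalAccounts module, and the 15-minute lock threshold is a constructed placeholder.

```powershell
# Added example: audit screen lock, USB mass storage, and Guest account state
# as Group Policy would set them. Read-only; it changes nothing on the host.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }   # missing key or value means the policy is not set
}

function Test-EndpointBaseline {
    param([int]$MaxLockSeconds = 900)   # 15 minutes; placeholder threshold
    $findings = @()

    # 1. Screen lock: policy keys written by the "Screen saver timeout" and
    #    "Password protect the screen saver" GPO settings (REG_SZ values).
    $desk    = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
    $timeout = Get-RegValue $desk 'ScreenSaveTimeOut'
    $secure  = Get-RegValue $desk 'ScreenSaverIsSecure'
    if ((-not $timeout) -or ([int]$timeout -gt $MaxLockSeconds) -or ($secure -ne '1')) {
        $findings += "Screen lock not enforced (timeout=$timeout, secure=$secure)"
    }

    # 2. USB mass storage: Start=4 disables the USBSTOR driver.
    $usbStart = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR' 'Start'
    if ($usbStart -ne 4) {
        $findings += "USB mass storage enabled (USBSTOR Start=$usbStart)"
    }

    # 3. Guest access: the built-in Guest account should remain disabled.
    $guest = Get-LocalUser -Name 'Guest' -ErrorAction SilentlyContinue
    if ($guest -and $guest.Enabled) {
        $findings += 'Built-in Guest account is enabled'
    }

    [pscustomobject]@{
        Host      = $env:COMPUTERNAME
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

Test-EndpointBaseline | Format-List
```

Run it under the user whose session you are checking, since the screen lock policy lives under HKCU.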

Add Mac and Linux


The IT landscape started to change as Mac® and Linux endpoints were introduced in the mid-2000s. Macs have since become popular alternatives for Windows user endpoints, and Linux has become the preferred option for endpoints in the data center. While the advantages of this cross-platform approach are numerous, the challenge is that Active Directory has remained the core identity provider in charge of managing user access to endpoints for most organizations.

This is a challenge because Active Directory was designed exclusively for managing Windows-based users and endpoints in on-prem IT environments. Last time we checked, Mac and Linux are not Windows. So, it’s no surprise that it is difficult for IT organizations to secure access to Mac and Linux endpoints, either on-prem or remote, with the native capabilities of AD alone. This is a big problem for organizations with cross-platform system environments (i.e., most modern organizations), especially as it relates to securing endpoint user access.

Of course, savvy IT admins are well aware that many third-party solutions exist that can provide secure endpoint user access for Mac and Linux. Most of these add-on solutions are even designed to integrate with an on-prem instance of AD so that admins can extend Microsoft user identities to non-Windows IT resources. However, as more IT resources such as systems, web applications, storage, and cloud infrastructure move away from a Windows foundation, more IT admins have come to realize that patching AD with a third-party add-on every time a new IT resource is introduced is no longer a viable option.

Endpoint Security with a Cloud Identity Provider


Fortunately, a next generation cloud identity provider has recently emerged that is effectively a reimagination of AD – a cloud directory designed for cross-platform system environments and modern networks. It’s called JumpCloud® Directory-as-a-Service®, and it has the power to securely manage and connect users to their systems, applications, files, and networks – all from one completely cloud-based directory services platform.

Specifically, as it relates to user access to endpoints, the JumpCloud platform enables IT to manage password complexity to ensure that user credentials comply with company regulations. IT can also enforce the use of MFA (multi-factor authentication) at the system and/or application level, or require SSH keys for servers such as those hosted at AWS. The JumpCloud platform even offers its own cross-platform GPO-like capabilities, called Policies, that enable IT admins to configure screen lock timeout, disable USB ports, manage guest access, and more – but for fleets of Windows, Mac, and Linux endpoints rather than just Windows, and without anything on-prem.

The end result is that IT can once again leverage a single identity management platform to secure user access to all of the endpoints in their organization. This time, however, it is completely cloud-based and works regardless of the platform, provider, protocol, or location of your IT resources. In other words, JumpCloud Directory-as-a-Service is the best thing to happen to directory services since Active Directory, which is why many organizations are using it to replace AD.

Learn More About Endpoint Security with JumpCloud

Securing endpoint user access is just one example of how the JumpCloud Directory-as-a-Service platform can benefit your organization. Sign up for a free account or schedule a demo to see a comprehensive cloud identity management platform in action. Otherwise, don’t hesitate to contact the JumpCloud team if you have any questions.

Vince Lujan

Vince is a writer and video specialist at JumpCloud. Originally from the horse capital of New Mexico, Corrales, he has lived in Boulder, Colorado for three years. When Vince is not developing content for JumpCloud, he can usually be found at the Boulder Creek.
