By Rajat Bhargava Posted April 2, 2014
With the advent of the cloud, spinning up a server is a snap. No longer do you have to procure hardware, rack and stack a server, install software, and then configure it. With just the click of a button, a standard server can be up and running in seconds. Better yet, so can your own server image, complete with all of your software and configurations.
Unfortunately, when it comes to managing cloud server users, passwords, and SSH keys, one of the most critical tasks of setting up a server usually isn’t automated: creating user accounts, which is arguably one of the more painful multi-step processes IT admins have to take care of. Generally, you are given a root or admin account on your instance and, if you’re lucky, a wave goodbye. From there, the DevOps or IT admin provisions all accounts for the individuals and automated services that require access to the server. The admin has to communicate in a (hopefully) secure way with each individual or service to provide their credentials, and ensure that each person or service has the proper level of access or permissions. Access and permissions need to be constantly monitored for compromise and updated as the network or company changes. Add to this the pain of managing user access across the different environments of your organization (dev, test, etc.), and keeping an up-to-date account of who has access to what, and at what levels, becomes a huge challenge!
Most cloud providers want nothing to do with managing the accounts on your server, and frankly, most DevOps and IT pros don’t either! The job is tedious and more than slightly painful with issues such as lost passwords, rotating SSH keys, constant adds / deletes, and changing permissions popping up nearly every single day. Multiply that by tens or hundreds (let alone thousands) of servers along with a number of users and you have a nightmare on your hands. Managing users is a lot of work for any company – large or small.
The irony is that user management is one of the most critical items that an IT organization can manage. History has shown that the single biggest risk of compromise is the hijacking of personal credentials. This spans accounts compromised through phishing, username/password combinations stolen from another site, remnant accounts that should have been terminated long ago, and plain brute-force attacks. All of these tactics (and plenty more) are used by hackers and cyber criminals to gain access to your infrastructure.
The challenge that DevOps and IT admins face around centralized user management is two-fold: operational efficiency and security. Unfortunately, managing access and permissions to servers has been neither simple nor straightforward.
JumpCloud’s centralized user management functionality within its Directory-as-a-Service® platform changes the game for IT pros: it makes it easy to provision users with SSH keys or add multi-factor authentication (based on Google Authenticator). It also provides web-based password reset, so users can change their passwords themselves, without bothering IT. JumpCloud makes user management quick, simple, and secure. And that’s why we are here and excited about what we are doing! If you’d like to give JumpCloud’s Identity-as-a-Service platform a try, sign up for free. Your first 10 users are free forever.