A Zero Trust architecture (ZTA) categorizes every source of network traffic as a potential attack vector. It’s a very different perspective from traditional perimeter-based security models, which are better understood. So, let’s demystify what Zero Trust is, and how JumpCloud’s platform helps to satisfy some of the most important tenets of the architecture. Namely, it accomplishes this by authenticating and verifying all users and resources using a device/agent gateway deployment. JumpCloud controls access, manages identities, and creates device trust.
The traditional perimeter approach is akin to an M&M candy: a hard shell with a soft interior. Let’s face it, network boundaries no longer exist, because work from anywhere is now an indefinite trend. Users are also the soft underbelly of network security, sometimes making small and medium-sized enterprises (SMEs) easy targets. There cannot be implicit trust placed in users within the “citadel” of an enterprise network, because accounts are a veritable backdoor into your protected resources. That’s why ZTA emphasizes protecting access to IT resources.
Layers of defenses must work in unison to deliver strong Identity and Access Management (IAM), collect and analyze system data, and limit and monitor all network traffic for irregularities. An SME cannot just “buy” ZTA, but an ecosystem of products can help you to implement it. JumpCloud is one of the vendors you should consider for a Zero Trust posture.
Where JumpCloud Fits
JumpCloud covers several of the elements that NIST outlines in its overview of ZTA, NIST SP 800-207. The sections of that publication listed below align with what JumpCloud provides its users.
Identity Management and Directory
- 3.1.1: ZTA Using Enhanced Identity Governance
JumpCloud uses an attribute-based access control (ABAC) model that creates context around each user. Attributes can inform access control determinations, such as denying access to apps when a user has the wrong supervisor. The system also makes suggestions for changes, providing an always-on “audit” of user privileges. Attributes can be imported from Microsoft 365, Google Workspace, or through a variety of pre-built HRIS integrations. A SCIM interface streamlines provisioning and managing user accounts within your line-of-business web applications.
The JumpCloud User Portal
- 3.2.1: Device Agent/Gateway-Based Deployment
Think about it this way: you’ve likely already allocated your budget toward endpoint detection and response (EDR) or data loss prevention (DLP) systems. Why would you then permit an unmanaged device to access your most important resources? That’s the difference between securing the perimeter and ZTA, and the problem that JumpCloud solves.
JumpCloud permits access only from devices that you’ve invested in to protect, and it’s uniquely capable of performing this vital role cross-device and cross-platform. The JumpCloud portal serves as the “brains” that will disallow access to your resource from unmanaged devices. Devices are managed using agents, which enforce security controls and integrate IAM.
This is made possible by a device trust posture in which agents enforce policies for patching and for hardening systems with point-and-click policies (or benchmarks via commands or MDM), along with certificate-based device trust when conditional access is enabled. The latter adds a layer of network trust so that devices are geofenced, restricted by IP, or required to pass a multi-factor authentication (MFA) challenge. Agents ensure that these cloud-managed rules are enforced.
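The checks described above can be modelled as a single access decision that fails closed. This is an added example, not JumpCloud code or its API; the field names, the allowlist values and the way the geofence, IP and MFA checks are combined are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed policy values for illustration only (not taken from JumpCloud).
ALLOWED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]  # RFC 5737 documentation range
ALLOWED_COUNTRIES = {"US", "CA"}

@dataclass(frozen=True)
class AccessRequest:
    user: str
    device_managed: bool      # agent installed and reporting (assumed signal)
    device_cert_valid: bool   # device certificate already verified upstream
    source_ip: str
    country: str              # geolocation result supplied by the caller
    mfa_passed: bool

def decide(req: AccessRequest) -> tuple[str, str]:
    """Return (decision, reason); decision is ALLOW, DENY or CHALLENGE_MFA."""
    # Device trust is evaluated first: an unmanaged or uncertified device
    # is refused regardless of who the user is or where they connect from.
    if not req.device_managed:
        return "DENY", "unmanaged device"
    if not req.device_cert_valid:
        return "DENY", "device certificate missing or invalid"
    try:
        ip = ipaddress.ip_address(req.source_ip)
    except ValueError:
        return "DENY", "unparseable source IP"  # fail closed on bad input
    if req.country not in ALLOWED_COUNTRIES:
        return "DENY", "outside geofence"
    # Assumed combination: off-allowlist networks are not refused outright
    # but must step up with MFA before access is granted.
    on_trusted_net = any(ip in net for net in ALLOWED_NETWORKS)
    if not on_trusted_net and not req.mfa_passed:
        return "CHALLENGE_MFA", "untrusted network, MFA required"
    return "ALLOW", "device trusted" + ("" if on_trusted_net else ", MFA satisfied")

if __name__ == "__main__":
    # Constructed sample requests.
    samples = [
        AccessRequest("alice", True, True, "203.0.113.10", "US", False),
        AccessRequest("bob", True, True, "198.51.100.7", "US", False),
        AccessRequest("carol", False, True, "203.0.113.11", "US", True),
    ]
    for s in samples:
        print(s.user, *decide(s))
```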
JumpCloud MFA is deployed via Push or TOTP, and it’s integrated into our LDAP, RADIUS, and single sign-on (SSO) services. An additional layer of biometric authentication can be deployed to further secure your most important assets, preventing the leakage of highly confidential data.
Deployment scenarios can include domainless organizations, organizations that have satellite offices, remote workforce governance to collaborate across network boundaries, contracted/non-employee access, and SMEs with multi-cloud requirements.
Zero Trust is possible, and JumpCloud makes Zero Trust architecture accessible for SMEs with a consolidated platform of IAM and device management capabilities. The JumpCloud platform connects you to more things and is free of cost for 10 devices and 10 users. You’ll also receive complimentary premium chat support and can ask questions with your peers in our community. Support is available 24×7/365 within the first 10 days of your account’s creation.