Where Does JumpCloud Fit Within Your Zero Trust Strategy?

JumpCloud Satisfies Key Parts of NIST SP 800-207

Written by David Worthington on June 2, 2022


A Zero Trust architecture (ZTA) categorizes every source of network traffic as a potential attack vector. It’s a very different perspective from traditional perimeter-based security models, which are better understood. So, let’s demystify what Zero Trust is, and how JumpCloud’s platform helps to satisfy some of the most important tenets of the architecture. Namely, it accomplishes this by authenticating and verifying all users and resources using a device/agent gateway deployment. JumpCloud controls access, manages identities, and creates device trust.

The traditional perimeter approach is akin to an M&M candy: a hard shell with a soft interior. Let’s face it, network boundaries no longer exist, because work from anywhere is now an indefinite trend. Users are also the soft underbelly of network security, sometimes making small and medium-sized enterprises (SME) an easy target. There cannot be implicit trust placed in users within the “citadel” of an enterprise network, because accounts are a veritable backdoor into your protected resources. That’s why ZTA emphasizes protecting access to IT resources.

Layers of defenses must work in unison to deliver strong Identity and Access Management (IAM), collect and analyze system data, and limit and monitor all network traffic for irregularities. An SME cannot just “buy” ZTA, but an ecosystem of products can help you to implement it. JumpCloud is one of the vendors you should consider for a Zero Trust posture.

Where JumpCloud Fits

JumpCloud covers several of the elements that NIST outlines in its overview of ZTA, NIST SP 800-207. The following sections of that publication align with what JumpCloud provides its users.

Identity Management and Directory

  • 3.1.1: ZTA Using Enhanced Identity Governance

JumpCloud uses an attribute-based access control (ABAC) model that creates context around each user. Attributes can inform access control determinations, such as denying access to apps when a user has the wrong supervisor. The system also makes suggestions for changes, providing an always-on “audit” of user privileges. Attributes can be imported from Microsoft 365, Google Workspace, or through a variety of pre-built HRIS integrations. A SCIM interface streamlines provisioning and managing user accounts within your line of business web applications.

[Figure: JumpCloud unifies systems, applications, files, and networks. Caption: The JumpCloud User Portal]

  • 3.2.1: Device Agent/Gateway-Based Deployment

[Figure: NIST flowchart of the device agent/gateway relationship. Image credit: NIST]

Think about it this way: you’ve likely already allocated your budget toward endpoint detection and response (EDR) or data loss prevention (DLP) systems. Why would you then permit an unmanaged device to access your most important resources? That’s the difference between securing the perimeter and ZTA, and the problem that JumpCloud solves.

JumpCloud permits access only from devices that you’ve already invested in protecting, and it’s uniquely capable of performing this vital role cross-device and cross-platform. The JumpCloud portal serves as the “brains” that disallows access to your resources from unmanaged devices. Devices are managed using agents, which enforce security controls and integrate IAM.

This is made possible by a device trust posture in which agents enforce patching policies, harden systems with point-and-click policies (or benchmarks applied via commands or MDM), and provide certificate-based device trust when conditional access is enabled. The latter adds a layer of network trust so that devices can be geofenced, restricted by IP, or required to pass a multi-factor authentication (MFA) challenge. Agents ensure that these cloud-managed rules are enforced.
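To make the two decision layers described on this page concrete (the ABAC identity check from the 3.1.1 section, which denies access when a user's attributes such as supervisor do not match the policy, and the device-trust conditional access described just above, which gates on a managed device, a valid device certificate, source IP, and geography before deciding whether to allow, deny, or demand MFA), here is a small policy decision point. This is an added illustration written for this article, not JumpCloud code or its API; the `User`, `Device`, `Context` and `AppPolicy` structures, the attribute names, and every IP range, country and user below are constructed sample data.

```python
"""Added example (not JumpCloud's own code): a toy policy decision point that
applies an ABAC identity check first, then device trust and network context.
All names, attributes, networks, and countries are constructed samples."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class User:
    name: str
    supervisor: str
    department: str


@dataclass
class Device:
    managed: bool      # agent installed and policies enforced
    cert_valid: bool   # device certificate presented and verified


@dataclass
class Context:
    source_ip: str
    country: str
    mfa_completed: bool


@dataclass
class AppPolicy:
    # ABAC rules: which reports (by supervisor) and departments may use the app
    allowed_supervisors: set
    allowed_departments: set
    # conditional-access rules: trusted networks, permitted countries, device trust
    trusted_networks: list = field(default_factory=list)
    allowed_countries: set = field(default_factory=set)
    require_device_trust: bool = True


def abac_allows(user: User, policy: AppPolicy) -> bool:
    """Identity layer: the user's attributes must match the app's ABAC rules."""
    return (user.supervisor in policy.allowed_supervisors
            and user.department in policy.allowed_departments)


def on_trusted_network(source_ip: str, policy: AppPolicy) -> bool:
    """Network layer: is the request coming from a known corporate range?"""
    addr = ip_address(source_ip)
    return any(addr in ip_network(net) for net in policy.trusted_networks)


def decide(user: User, device: Device, ctx: Context, policy: AppPolicy) -> str:
    """Return 'allow', 'deny', or 'mfa_required'. Checks are ordered so the
    cheapest, most definitive denials come first."""
    if not abac_allows(user, policy):
        return "deny"                       # wrong supervisor or department
    if policy.require_device_trust and not (device.managed and device.cert_valid):
        return "deny"                       # unmanaged or untrusted device
    if policy.allowed_countries and ctx.country not in policy.allowed_countries:
        return "deny"                       # outside the geofence
    if not on_trusted_network(ctx.source_ip, policy) and not ctx.mfa_completed:
        return "mfa_required"               # off-network: step up with MFA
    return "allow"


def audit_stale_grants(grants: dict, users: dict, policies: dict) -> dict:
    """The 'always-on audit' idea: list users who hold an app grant but whose
    current attributes no longer satisfy that app's ABAC rule."""
    return {app: sorted(u for u in holders if not abac_allows(users[u], policies[app]))
            for app, holders in grants.items()}


# Constructed sample data
FINANCE_APP = AppPolicy(
    allowed_supervisors={"bob"}, allowed_departments={"finance"},
    trusted_networks=["10.0.0.0/8"], allowed_countries={"US", "CA"})
USERS = {
    "alice": User("alice", supervisor="bob", department="finance"),
    "carol": User("carol", supervisor="dave", department="finance"),  # moved teams
}
MANAGED = Device(managed=True, cert_valid=True)
UNMANAGED = Device(managed=False, cert_valid=False)


def run_samples() -> dict:
    """Evaluate a few representative requests; returned for inspection/testing."""
    a = USERS["alice"]
    return {
        "office": decide(a, MANAGED, Context("10.0.0.5", "US", False), FINANCE_APP),
        "remote_no_mfa": decide(a, MANAGED, Context("203.0.113.7", "US", False), FINANCE_APP),
        "remote_mfa": decide(a, MANAGED, Context("203.0.113.7", "US", True), FINANCE_APP),
        "unmanaged": decide(a, UNMANAGED, Context("10.0.0.5", "US", True), FINANCE_APP),
        "geofenced": decide(a, MANAGED, Context("10.0.0.5", "XX", True), FINANCE_APP),
        "wrong_supervisor": decide(USERS["carol"], MANAGED, Context("10.0.0.5", "US", True), FINANCE_APP),
        "stale": audit_stale_grants({"finance": ["alice", "carol"]}, USERS, {"finance": FINANCE_APP}),
    }


if __name__ == "__main__":
    for label, outcome in run_samples().items():
        print(f"{label:>17}: {outcome}")
```

The ordering matters: the identity check runs before any device or network context is consulted, so an attribute change (such as Carol's new supervisor) cuts off access regardless of how trusted her laptop or network is, which is the behaviour the 3.1.1 section describes. The `audit_stale_grants` helper shows how the same rule can be replayed over existing grants to surface privileges that should be revoked.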

MFA Everywhere

JumpCloud MFA is deployed via Push or TOTP, and it’s integrated into our LDAP, RADIUS, and single sign-on (SSO) services. An additional layer of biometric authentication can be deployed to further secure your most important assets, preventing the leakage of highly confidential data.

Deployment scenarios can include domainless organizations, organizations that have satellite offices, remote workforce governance to collaborate across network boundaries, contracted/non-employee access, and when SMEs have multi-cloud requirements.

Try JumpCloud

Zero Trust is possible, and JumpCloud makes Zero Trust architecture accessible for SMEs with a consolidated platform of IAM and device management capabilities. The JumpCloud platform connects you to more things and is free of cost for 10 devices and 10 users. You’ll also receive complimentary premium chat support and can ask questions with your peers in our community. Support is available 24×7/365 within the first 10 days of your account’s creation.

David Worthington

I'm the JumpCloud Champion for Product, Security. JumpCloud certified, security analyst, a one-time tech journalist, and former IT director.
