What measures does JumpCloud take to ensure security?
JumpCloud takes security very seriously. We work hard to ensure that our information and your data is secured. To find a detailed breakdown of some of the steps that we take, please visit this security practices page. Additionally, feel free to contact us and we can address any of your concerns, or you can view our disaster recovery and resiliency plan here.
What degree of uptime can I expect with a cloud directory like DaaS?
JumpCloud strives for 100% availability. Of course, as with any IT service, there is a possibility of errors, failures, or other problems that may cause downtime. We have a detailed disaster recovery and resiliency plan, which you can view here. You can also check our uptime here.
Does JumpCloud undergo a third-party security audit?
JumpCloud’s commitment to security includes measures to have independent audits to evaluate the operational and security processes of our service, our employees and company at large. JumpCloud has successfully completed an annual SOC 2 examination for our Directory-as-a-Service® (DaaS) system. The results of this examination are available upon request to customers by emailing firstname.lastname@example.org. In addition to our SOC 2 examination, we leverage penetration testing services a number of times each year along, with external vulnerability scans regularly.
How does multi-factor authentication (MFA / 2FA) work with Directory-as-a-Service?
JumpCloud’s approach to MFA involves system level and application level MFA. At the system level, we are able to require the second level of security at the login screen for Macs and Linux devices, ensuring that no one can enter your endpoint without the code. For application level MFA, we enable the extra layer of security on the JumpCloud user portal, which is the access point to many web applications. Learn more.
How does JumpCloud help me manage user passwords?
With Directory-as-a-Service, IT admins have access to a multitude of management capabilities over user passwords. Admins have the ability to require and enforce strong password controls, and they can define minimum attributes for passwords. Additionally, IT admins can specify the most recent password that can be reused, the password rotation schedule, and the number of failed attempts allowed. JumpCloud’s passwords are stored securely after being one-way hashed and salted. On top of that, these passwords are not stored in a format that can be read by anyone else – not even JumpCloud. Learn more.