IT admins can now support “Trust Nothing, Verify Everything” with new access control policies for flexible approaches to verify user identities through trusted networks and devices
LOUISVILLE, CO – Dec. 16, 2020 – JumpCloud has added Conditional Access policies to its Directory Platform, enabling IT admins to adopt Zero Trust security from the same cloud platform that they use to manage and securely connect users to IT resources. Conditional Access is policy-driven control that ensures only appropriate users from known networks, known devices and with appropriate privileges, be granted access to company resources. With this release, JumpCloud is making it easier for IT teams to adopt a “never trust, always verify” model in their organization.
According to the August 2020 Forrester Research, Inc. blog post, A Look Back At Zero Trust: Never Trust, Always Verify, “Old-school approaches to security aren’t cutting it. Many organizations feel that Zero Trust is too hard, time-consuming, or costly to implement, but it will save your organization in the long run. The strategy leads to the reduced risk of being the victim of a ransomware attack, paying hefty fines, or suffering loss of customer trust following a breach.”
The JumpCloud Platform’s identity and access control provides core authentication and authorization to employee devices, networks and on-premise and cloud applications. The release of Conditional Access introduces policy-driven security checks to confirm authentications are verified via trusted networks and devices managed by the organization, giving JumpCloud customers an easier path to implement a Zero Trust model.
“Our clients have a wide range of identity management needs, made even more complex with a global distribution of users, devices, and the networks they’re signing onto,” said Brian Coleman, founder of MatchstickBHM. “With JumpCloud’s new Conditional Access policies, we can strengthen our Zero Trust posture with trusted identity, network, and device, and manage it through a single admin portal.”
JumpCloud’s Conditional Access includes four main components to support Zero Trust:
- Identity Trust: JumpCloud’s core directory securely manages an organization’s user identities including all credential control and revocation, two factor verification and contextual data to ensure appropriate levels of permission when accessing resources.
- Network Trust: JumpCloud’s Network Trust enables organizations to ensure authentication requests are only allowed from specific IP addresses or ranges of addresses. This restricts traffic to resources only from locations organizations know or otherwise ‘trust’.
- Device Trust: JumpCloud’s Device Trust ensures that employees only access company resources from devices which are under company management, and secured through JumpCloud’s MDM and agent-based management functions. The new Conditional Access release adds the ability to more granularly define what constitutes a trusted device and prevent or allow authentication based on policy and context.
- Policy Driven Access Control: Tying these new identity, network and device trust functions together are new simple-to-implement access control policies. The policies provide a customizable and layered approach enforcing second factors of verification (MFA) when combinations of network and/or device are deviating from the gating policy.
JumpCloud’s Conditional Access policies are available now as part of the JumpCloud Platform Plus package, and can also be added a la carte to other packages. More information can be found in the following resources:
- Forrester Research: A Practical Guide To A Zero Trust Implementation
- JumpCloud Office Hours Recording: Head of Product Bill Mrochek and Senior Technical Product Manager Dave Madrid walk through Conditional Access policies in a detailed product demo
- JumpCloud’s December 17 webinar will include a deep dive into the details of Zero Trust Security
- Conditional Access guided simulations
- Conditional Access & JumpCloud Intro Video
- Simplify Zero Trust Security from the Cloud
About JumpCloud
JumpCloud’s mission is to Make Work Happen®, by providing people secure access to the resources they need to do their jobs. The JumpCloud Directory Platform gives IT, security operations, and DevOps a single, cloud-based solution to control and manage employee identities, their devices, and apply Zero Trust principles. JumpCloud has a global user base of more than 100,000 organizations, with over 3,000 customers including Cars.com, GoFundMe, Grab, ClassPass, Uplight, Beyond Finance, and Foursquare. JumpCloud® is backed by BlackRock, General Atlantic, OpenView, H.I.G. Capital, OurCrowd, and Foundry Group.