Chase International is a luxury real estate firm for properties in the Tahoe/Reno/Vegas area with more than $1.5 billion in annual sales. With 12 offices to manage and a remote work transition to navigate, Chase International’s IT manager, Justin Price, wanted to select a directory service that would help the company remain agile and achieve regulatory compliance.
- Organization: Chase International
- Size: 60 full time users; 400 independent contractors
- Location: Corporate office in Reno, Nevada; 12 offices
- Problem: No directory service & unmanaged user machines
- Goal: Implement a directory service & achieve NIST compliance
Background: No Directory Service & COVID-19
Justin Price is an IT veteran with more than 10 years of Active Directory® experience. When he came to Chase International in February 2020, the company didn’t yet have a directory service in place, and user machines were unmanaged and unmonitored. Justin prioritized getting a directory service in place to remedy the fact that users were local admins on their machines and often shared passwords in their offices.
“It was a priority from day one,” he said. “Without directory services, there’s really no way to manage your user base. Whether it was JumpCloud® or Active Directory, something needed to be done.”
You’re invited! Join Justin for a live webinar July 9, 2020, on his experience evaluating and implementing Directory-as-a-Service. Details→
The process became more urgent when the company faced the COVID-19 pandemic and stay-at-home orders that forced all 12 offices of the organization’s office to move to a remote model.
Challenges: Unmanaged Users & Machines
Justin searched for a solution that he could use for access control, system management, and monitoring. With the arrival of the pandemic, he knew he needed an identity and access management (IAM) solution that wouldn’t require on-premises infrastructure or VPNs to function correctly for a remote workforce.
“The COVID-19 crisis necessitated a breakneck turnaround on providing a suddenly remote workforce with an IT system that could manage user passwords, push applications and updates to computers, control group policies, provide IT with reporting information to monitor the information security environment, and do all of that from outside the office without the challenges associated with users trying to connect via VPNs to internal domain controllers or resources,” Justin said.
That effectively ruled out AD. Justin didn’t seriously consider Okta or Jamf either. The former had strong single sign-on (SSO) capabilities but couldn’t serve as a standalone directory service for the organization, and the latter couldn’t manage the organization’s Windows machines or server. Instead, Justin wanted to find an all-in-one solution for access control and device management.
Justin was also interested in a solution with integrated tools to monitor his fleet of machines and return authentication logs as the company gears up for NIST 800-171 compliance, which will require records of who logged in, where they logged in from, and what they logged into, among other data.
Solution: All-in-One Cloud Directory Service
Justin found JumpCloud Directory-as-a-Service® and quickly made the decision that it would help the organization navigate the remote work transition and achieve regulatory compliance.
“To have everything in one place was awesome,” he said. “It only took me about two weeks to make up my mind.”
Justin first rolled out new systems to the organization’s full time employees — macOS® machines for the DevOps and executive teams and Windows® for the remaining users. He imported users from existing G Suite™ and Microsoft 365™ instances, sent them a JumpCloud activation email, and instructed them to download the JumpCloud agent on their new machines.
He could then deploy JumpCloud Policies to enable full-disk encryption and manage Windows updates, as well as begin monitoring the machines with System Insights™. System Insights returns key data about machines in a fleet, both through the web-based Admin Portal and via PowerShell and API, including hardware, software, and network configurations.
Because users are remote and Justin is running a lean IT department, he has users fill out a form if they need to download something, such as new software or a Google Chrome extension. He briefly grants them admin access on their machine and then runs a System Insights report afterward to verify they didn’t take any other admin actions on their machine.
“System Insights has been a lifesaver. It’s made my job much easier.”
He’s also begun to use Directory Insights™ to collect data about user authentications and run queries. Directory Insights provides a 360° view of admin changes in the directory and user authentications to applications, systems, networks, and more. Justin plans to use the Directory Insights logs for NIST compliance, as well as to help the company decide whether they bring users back into their offices.
“Do we want to stay with a fully remote workforce?” Justin said. “Do we want to do a hybrid? Or do we just want to bring everybody back in?”
Justin has begun to roll out JumpCloud’s SSO portfolio, as a variety of real estate and broker platforms use SAML connectors. He’s also used JumpCloud’s cross-platform command runner to deploy and execute commands on remote user machines.
“The commands feature has been incredibly useful,” Justin said. “I’ve been watching YouTube tutorials to get back up to snuff with PowerShell scripting and terminal scripting. You don’t really need anything else.”
Justin has also enrolled the organization’s macOS machines in JumpCloud’s Apple MDM to be able to remotely lock, restart, shutdown, and wipe machines. He prioritized implementing the feature because the organization’s DevOps and executive teams, as well as Justin himself, use Macs.
“We have the keys to the kingdom, so if a Mac is stolen or lost I need to be able to kill it remotely to make sure our data is protected,” Justin said.
Implementation: ‘Consolidate Everything’
Beyond the rollout of the core JumpCloud platform, Justin used the integrated cloud RADIUS feature to establish unique user logins to WiFi, which is particularly important for the segment of the company that handles financial data.
“I finished the first RADIUS deployment, and it took less than 10 minutes,” Justin said. “That was the fastest I’ve ever done a RADIUS rollout.”
Justin added that users have been receptive to the overall JumpCloud rollout because it’s simplified their login process and helped them consolidate passwords.
“It’s actually been very easy for them and very well received,” Justin said. “Previously, there was no syncing, so their computer login would be different from their email. Without SSO, they’d have all these different passwords for everything, so it’s been very useful to consolidate everything.”
Chase International is an umbrella for a variety of real estate services with 60 full time users and 400 real estate agents and brokers who work as independent contractors and who pay technology fees for basic services like email. Justin is proposing that contractors who pay increased technology fees are provided more IT services and management, which he could also accommodate from JumpCloud.
Now that Justin has JumpCloud rolled out, he has time to step back and establish the organization’s first written policies. He plans to document policies for onboarding and offboarding, data retention, reporting, admin accounts, and eventually NIST compliance — as well as to systematically audit and ensure adherence to those policies across the organization. JumpCloud also enabled the team to stay safe and secure during a difficult time.
“Although the last few months have been extremely challenging for our organization and employees, I cannot imagine what it would have been like without JumpCloud to bring everything together in such a complete manner quickly and efficiently, while also allowing us to do so from a safe distance,” Justin said.
As compared to the costs of a traditional Active Directory instance — including servers, licensing, and redundancy — JumpCloud has been more effective and economical.
“JumpCloud continues to deliver a high return on investment for my department, my users, and the company as a whole.”
At JumpCloud, we prioritize securing and enabling organizations — no matter where their users and devices are located. Our full-suite cloud directory service can serve as an organization’s identity provider and federate core identities to virtually all IT resources. Click here to learn more about the comprehensive access control and device management you can achieve from the cloud.