Doublestruck Case Study: Centralizing Passwords and Securing the Network While Achieving GDPR Compliance

Introduction

Doublestruck is an innovator in educational technology. They are part of the larger AQA non-profit organization, which is one of the five recognized awarding bodies of the public exams system in the UK. DoubleStruck specializes in assessment and reporting tools, called Testbase and Exampro, that aid primary and secondary school teachers throughout the country.

When Iain Argent started with Doublestruck as a Software Development Manager, he also took on responsibility for the organization’s IT infrastructure. Argent saw an opportunity to automate manual admin processes, optimize user workflows, and also fortify security. He set out looking for a solution that made it easier for end users to access their tools, and required fewer passwords to remember. In addition, he knew they needed something that could support all three major operating systems.

Company:Doublestruck
Size:≈ 50 Employees over three sites
Location:London, UK
Problem:Credential overload, network security
Goal:Easier workflow for users, centralize passwords, GDPR compliance

Background

It’s easy for smaller organizations to go without automating IT operations. Many IT tasks are easier to handle manually, as long as the scale is small. This was the type of environment that Argent came into.

“When I arrived at Doublestruck, our IT operations were ad hoc. There was no standard operating procedure for onboarding people. This was one of many processes that my boss wanted me to streamline,” said Argent.

“I remember that initially we had to draw up a list of all of the resources that people might want to access. Then, when new employees came on board we had to encourage our managers to fill out the list so I knew what resource access to give them. There were typically around seven different resources that we had to create accounts for and get set up prior to each employee starting. We use Gmail™, G Suite™, Google Drive™, Office 365™ for Excel®, an on-prem file server, and more. Not to mention the presence of Windows®, Mac®, and Linux® systems. Setting up profiles for all of that manually was far from ideal,” Argent said.

The Challenge

Even with a small amount of end users, manual tasks like password changes, user creation, and provisioning, can quickly become a huge time sink.

“We were really feeling the pain of having a bunch of systems all set up different ways for different users. Our end users were feeling that pain too.”

“The setup required our users to remember a lot of different passwords,” Argent explained. “They would have one password for their computer, one for Gmail, one for O365, one for the CRM system, another for the database, and more for any other resource they used.”

“Then, if an end user couldn’t remember their password it would sometimes lead to them account sharing with a co-worker when they really shouldn’t. So it was not only a hassle for the admins and the end users, it was a security concern as well – one that would make it very difficult to achieve GDPR compliance.”

Doublestruck was running into a similar challenge with their network.

“We used to have a single, shared WiFi password that we would give to the staff to access the network. Then, we had a separate network that we would provide for guests. We had it set up so that it would be difficult to access resources if you weren’t supposed to. But, if anyone left the company, we had to change the password or else they would be taking the network credentials with them.”

Argent set out to centralize and streamline the identity management at Doublestruck. That’s when he found JumpCloud Directory-as-a-Service®.

The Solution

“After searching, I saw that JumpCloud was really the only solution that supports all three operating systems (Mac, Windows, and Linux),” Argent said. “The fact that JumpCloud supports LDAP and integrates with G Suite were two more quick wins. It immediately worked across several sets of services we use.”

With JumpCloud in place, identity and access management got much easier at Doublestruck.

“The first big improvement is that the end users can now reset their passwords themselves. There’s no need to bother me with requests to reset credentials when they need to use an application they haven’t accessed in a while. If they forget their JumpCloud password, they can reset it themselves.”

“The second big improvement is that users have the same password for everything. This has helped tremendously with people forgetting passwords. With this reduction in reset requests, it means a lot fewer interruptions for me, and fewer lockouts for the end users. That enables me to focus on building new infrastructure and resources for the company rather than keeping access up to date, and enables the end user to avoid lockout delays.”

“It saves the company as a whole quite a lot of time.”

Argent continued: “JumpCloud helped with onboarding and offboarding as well. We used to need to manually create accounts for each service and for each employee. Nowadays, we just set up a JumpCloud account, we add it to the department group within the JumpCloud admin portal, and everything else is taken care of from there.”

“We’re fortunate in that we don’t have to offboard many people. But, in the rare occurence of offboarding, all we need to do is switch off their JumpCloud account and they don’t have access to anything anymore. No WiFi, no VPN, no CRM – nothing.”

WiFi network authentication was another large challenge for Doublestruck that JumpCloud Directory-as-a-Service was able to help with.

“One of the aspects that I like the most about JumpCloud is Cloud RADIUS.”

“We used to have a single WiFi password that always had the risk of being shared, but we don’t have to worry about that anymore with Cloud RADIUS from JumpCloud. Each user has their own unique credentials to login with, eliminating the risks of the shared password.”

Argent added, “It’s more convenient for the end users too. With JumpCloud, if someone new starts and they need WiFi access in any of our offices, they just login with their JumpCloud credentials and they’re done. If they need to VPN in while working from home, they can use their JumpCloud credentials for that as well. Further, if the password is compromised somehow, they don’t need to change their password in a lot of different places. One password change covers everything.”

The Result

“We’ve had JumpCloud Directory-as-a-Service for just over a year now, and we have nearly everything we use integrated into it. It saves us a good amount of time because we no longer need to do as much ad hoc admin work.”

“Instead of having to worry about keeping people’s access up to date, we can spend more time improving our systems and infrastructure.”

“It’s great for the end users as well because, for the most part, it’s invisible to them. We get them set up with a JumpCloud password, and then they never hear about it again. They just get to focus on work. The seamlessness and invisibility are two things that really just make the platform work.”

“With Cloud RADIUS, we now have our WiFi more professionally set up than many large enterprises.”

“In general, most companies have some way of centralizing their credentials, but I don’t know of anyone else who is able to integrate it with their RADIUS servers as well. Of course, JumpCloud is much more than RADIUS alone. They integrate with Office 365 and G Suite, and they even support all of the operating systems – which I don’t think anybody else does. Those are all great reasons to start using Directory-as-a-Service.”

“Centralizing our passwords made my life a lot easier.”

“JumpCloud set us up well for GDPR compliance also. One of the big rules that we must follow for GDPR is to have a way to say who has access to what data at what time. With our old setup that had so many accounts being shared there was no way we could do that. With our JumpCloud Directory-as-a-Service setup however, we already had all of the work for that done. JumpCloud helped us separate out all of our user accounts, so by the time GDPR came around we already had that part covered.”

Doublestruck now has complete centralization and control over their infrastructure, and they have the security and easy user workflow that they were looking for. When asked if he would recommend JumpCloud Directory-as-a-Service, Argent’s answer was pretty clear:

I can’t think of any organization that wouldn’t benefit from JumpCloud.”

About JumpCloud

The JumpCloud Directory Platform provides secure, frictionless user access from any device to any resource, regardless of location. Get started, or contact us at 855.212.3122.