For more than 25 years, Schernecker Property Services (SPS) has focused on delivering the highest-value, long-term building envelope solutions for New England condominium communities. They help communities improve the appearance and longevity of their properties by taking a comprehensive, collaborative approach to project planning and execution. They provide building envelope solutions to existing construction.
David Garrity, Senior Technology Manager, is in charge of all IT infrastructure and operations at SPS. They have a highly customized customer relationship management (CRM) software that they support and develop, including customized integrations, and manage 70+ end users with multiple endpoints including cell phones and laptops. They use Active Directory for services within their on-premise server environment. In addition to on-premise applications, they use several cloud-based platforms, including integration platforms, email services, e-signature tools, e-generation and document management, file sharing, appraisal and HR applications, client-facing scheduling systems, VoIP phone and video systems, and punch list tools. “For a mission-driven construction company focused on providing the highest-value, long-term solutions, we strategically utilize technology to increase efficiencies,” Garrity explained.
The Challenges of Managing Remotely… and Securely
“We have had significant opportunities to mature our security,” he pointed out. SPS used local domain controllers and their Windows machines were bound to the domain. Mac machines were all locally controlled. Unfortunately, this presented several challenges. SPS staff typically work off-site on project sites or remotely, which means that around 80% of their staff are never in the office. Having a local Active Directory authentication system didn’t make sense because if they had to do a password reset in the field, they would need a VPN to get the device on the domain, which was not a silver bullet process. With Macs, individuals could brick a device and they’d be out of luck as Garrity’s team had no centralized control over device encryption and activation locks.
Garrity’s team needed a device management system that could handle Mac and Windows and the ability to make changes remotely and push those changes out to users. They also needed to improve their security practices so that devices and permissions could be centrally managed from a cloud platform.
[The] first real step to improving security for us was improving the way people manage passwords. And that’s with having just one password for everything, which JumpCloud enables us to do. It’s just made it so much easier for everyone.David Garrity, Senior Technology Manager
Tried and True Technologies, Delivered via the Cloud
SPS evaluated several device management vendors, but found that most leaned either toward Mac or Windows, with few offering true coverage for both. Then they found JumpCloud. “JumpCloud can do it all. A really good thing with JumpCloud is the Cloud RADIUS solution, not all vendors offer this, especially vendors supporting both Mac and Windows. This saves us a lot of work from a security perspective, so we’re not sharing out wireless passwords, like some companies often tend to do,” pointed out Garrity. “People don’t have to call the help desk to get reconnected with the wireless network when certificates expire, so this reduces our call volume. Users can just use their JumpCloud password across Windows and Mac and the network. This is where JumpCloud ticked all the boxes.”
After using JumpCloud’s 10 free licenses for several months to test it out, SPS selected JumpCloud and first implemented its single sign-on (SSO) for cloud applications. Once users were accustomed to that, his team began converting devices to authenticate using JumpCloud. “Converting devices was the most time-consuming part of the transition, but once we were set up and syncing, JumpCloud worked seamlessly,” said Garrity. Lastly, they addressed their Wi-Fi authentication in the office to ensure it’s ready for workers who do come in.
Now when a new user onboards, Garrity’s team orders the device, ships it to IT, and IT sets it up. For Windows devices, they use the JumpCloud software management platform for certain apps. Once the agent is installed on the Windows device, it takes over and installs a couple of key apps using the Chocolatey integration. They also have third-party vendors install their agents and security platforms. Once completed, Garrity’s team creates a local account on the machine and then takes it over with the JumpCloud account.
The reason we do that is so if someone doesn’t follow the directions and logs in on the network before they leave the office, that account will disappear on them.David Garrity, Senior Technology Manager
“JumpCloud was a huge step forward in getting our security in place. It moved us closer to where we need to be. We will continue chipping away with maturing along the security model and we still have work to do, but the Zero Trust model that JumpCloud has is something we’ll have to eventually do. It’s the gold standard. It’s going to take some time as it’s a culture shift, but we’re working on it,” said Garrity.
“One of the biggest results has been the reduction in help desk calls for password resets. People only have to remember one password now for everything,” Garrity said.
“Before JumpCloud, we weren’t enabling multi-factor authentication, because people would have several multi-factor applications, connections to manage independently. People also weren’t always taking good care of their passwords as there were so many different passwords to manage. Adopting JumpCloud allowed us to conform with industry standards for password management,” explained Garrity. “So the first real step to improving security for us was improving the way people manage passwords. And that’s with having just one password for everything, which JumpCloud enables us to do. It’s just made it so much easier for everyone.”
“We’ve seen tangible user benefits as well as IT risk mitigation by using JumpCloud. The other important benefit I’ve seen is the fact that JumpCloud can encrypt devices and store the key; it takes away the potential that the device will get locked out of and IT won’t be able to regain access. JumpCloud stores the encryption keys automatically and I think that’s a huge improvement for us,” said Garrity.
JumpCloud changes the way IT administrators manage their organizations by providing a comprehensive and flexible cloud directory platform. From one pane of glass, manage user identities and resource access, secure Mac, Windows, and Linux devices, and get a full view of your environment.
Get started with JumpCloud today.