The Tennessee Baptist Mission Board is a nonprofit organization that represents 3,200 Southern Baptist churches in Tennessee and is tasked with maintaining doctrine, hosting annual denominational meetings, maintaining historical archives, and more.
Founded in 1923 and headquartered in Franklin, Tennessee, the organization — which maintains a hybrid work environment — has more than 150 employees spread out across the state.
Needing to move away from Active Directory after a failed ransomware attack
In January 2020, Doug Finch joined Tennessee Baptist Mission Board (TBMB) as IT director, the organization’s environment was “very, very Windows” and running on Active Directory. A couple months later, a server went down, and Finch and his team began triaging the incident to try and figure out what was going on.
“We found out that a hacker had gained access to a device out in Azure, and he was dropping ransomware on it,” Finch says, adding that a former contractor had set up a printer server and accidentally left the default credentials on there, which the attacker used to gain domain admin-level access. “By the grace of God, with good fortune all around us, that server crashed and didn’t end up affecting anything. The attacker couldn’t get any farther.”
After this experience, Finch immediately decided to move away from Active Directory entirely.
“It took us about six months to get out,” he says. “I’ve never looked back since.”
Choosing JumpCloud as an Active Directory replacement
Eight or nine years ago, Finch faced a similar dilemma in a previous role; the Active Directory environment there was in “bad condition — eaten with malware viruses.” After moving to a new Active Directory server and domain, the team encountered even more issues.
“I found Active Directory to be a very untenable solution. I said, ‘You know what, there’s got to be something better than this.’”
Doug Finch, IT Director, Tennessee Baptist Mission Board
Finch began searching Google for an Active Directory alternative. Ultimately, he came across JumpCloud, which was a “very basic product at the time” — but still one that intrigued him. Liking what he saw, he spun up a free trial for 10 users and tested it for two months.
“I couldn’t find a reason not to like it,” Finch says. “It just worked right out of the box for a directory as-a-service.”
Over the next two or three weeks, he moved all of the previous company’s users to a DNS DHCP server and a Samba server then moved everything off Windows.
“The cool thing is, as I moved people off, they didn’t even know they’d been moved over,” Finch says. “The environments still looked the same.”
After deploying JumpCloud at the old job, Finch said a lot of consultants approached him upon learning he’d moved away from Active Directory; at the time, none of them had heard of JumpCloud.
“I would show them how it works, I would show them the cloud interface, and they said, ‘That’s just genius,’” Finch says. “They said, ‘It must be inherently secure,’ and I have found that to be the case.”
After the ransomware incident at TBMB, Finch already knew the solution to his conundrum; history repeated itself, and he replaced Active Directory with JumpCloud.
Unlocking additional value from feature-rich JumpCloud
Once again, JumpCloud solved Finch’s Active Directory headaches by providing a turnkey cloud directory. Since a lot of time had passed since Finch last used JumpCloud, he started examining the platform further.
“What I found after I really started looking at it was that it did so much more,” Finch explains, adding that TBMB uses features like Patch Management and Remote Assist to streamline IT operations and protect critical organizational resources. “I’ve watched this product grow and grow and I just love to see it. I have zero intentions of ever looking at Active Directory again. Now, when I talk to consultants, every single one of them has heard of JumpCloud.”
Simplified IT management
Thanks to JumpCloud, the TBMB team has been able to streamline day-to-day IT operations. In particular, the platform’s mobile device management capabilities enables IT to manage 160 users — roughly two-thirds using Windows and one-third using Macs — from a single pane of glass.
“We like how JumpCloud treats Windows and Mac users agnostically,” explains David Delgado, a system admin at TBMB. “JumpCloud really simplifies a lot of the permissions on access, too. If you’re using groups and you want to give someone access to certain applications or if you want to make someone an admin, that’s easy as well — being able to grant admin access whether it’s temporary or permanent is great.”
JumpCloud also makes user provisioning a breeze.
“It’s so easy to do with scripts,” Delgado explains. “JumpCloud makes it so nice and simple.”
Additionally, the IT team uses policy groups and device groups to further streamline IT management and secure company resources. Delgado’s also a big fan of JumpCloud Commands, which enables the IT team to execute scripts on fleets of machines remotely.
“It’s gotten us out of a lot of sticky situations,” he says. “You have so much more control and can just say, ‘Hey, send out this command to this computer,’ and it’s done. That’s it.”
Improved cyber resilience
With JumpCloud, TBMB has significantly strengthened its security posture. For example, the team is using JumpCloud single sign-on (SSO) to secure and simplify access to apps, RADIUS to enable users to securely authenticate to WiFi, and multi-factor authentication (MFA) to keep bad actors at bay.
“The whole entire company is attached to the MFA group,” Delgado explains. “If there’s ever anything where I need them to temporarily not have MFA, it’s as easy as removing them from one group and adding them to another.”
Both Finch and Delgado are really impressed by Password Manager, which Finch calls “the most robust password manager I’ve ever seen,” and JumpCloud Go™ — a feature that lets users access JumpCloud-protected resources using biometrics or the device password — both of which simplify access while securing resources.
“Doug and I both use Password Manager and Go and we love it,” Delgado says. “We’re going to push out Password Manager across the organization next year. Password Manager is a 15 out of 10 in terms of making productivity so much easier — preventing users from writing down their passwords under their keyboards or saving them in Google Chrome, which is the worst security thing you could ever imagine.”
Password Manager has been so solid that Finch doesn’t even know what his passwords are anymore.
“I’m letting it choose the complexity,” he says. “I’m starting to bump up the password length to 25, 30 characters because — if I’m not having to remember them — let’s just do it. We definitely stepped up our security because of that.”
All of these capabilities add up to increased cyber resilience — which the organization’s cyber insurance provider is thrilled with.
“JumpCloud gives us better resilience against professional cyberattacks. It speaks very highly of how the product has matured over the years. We’ve actually gotten a 20% reduction in cyber insurance premiums because we’ve been so far ahead of the curve with things like mandating MFA for all accounts and minimizing the number of admin accounts.”
David Delgado, System Admin, Tennessee Baptist Mission Board
Increased productivity
By simplifying access to cloud services — “everyone’s happy because all they have to do is click a button,” Delgado says — JumpCloud has increased productivity across the organization.
Recently, a remote employee’s laptop crashed, and IT had to physically pick it up. Without a computer, the employee was curious how she was going to get her work done; with JumpCloud, she was able to continue working without a hitch.
“I said, ‘Do you have your own computer?’” Finch says. “She did. I told her to log into the JumpCloud console. She emailed me later that morning and says, ‘I had no idea I could get to all of this stuff. She says, ‘I’m back up and running even though you have my computer.’ And I said, ‘That’s the point. That’s the whole point.’ So, it’s been a huge help for us.”
Any last words for folks considering JumpCloud?
“You have so much to gain from JumpCloud that it far outweighs whatever Active Directory could ever provide you,” Delgado says. “It will increase your security posture.”
On top of the platform itself, Finch has been impressed by dealing with JumpCloud staff, who have been particularly helpful through the relationship.
“It doesn’t feel like I’m dealing with this big massive organization out there that is trying to take over the world,” Finch concludes. “I’m dealing with somebody I actually want to deal with.”
About JumpCloud
JumpCloud® delivers a unified open directory platform that makes it easy to securely manage identities, devices, and access across your organization. With JumpCloud, IT teams and MSPs enable users to work securely from anywhere and manage their Windows, Apple, Linux, and Android devices from a single platform.
To see the power of JumpCloud yourself, request a demo or start a 30-day trial today.