A Safer Identity

JumpCloud creates a safer identity for our customers. We take this responsibility seriously, and we know you need to understand our internal security practices to trust that your identities are well-protected and managed.

security-banner

How we are doing it:

Assessments and Independent Audits

JumpCloud’s environments are scanned for vulnerabilities monthly by a reputable third-party assessor. We also have external penetration tests performed at a minimum of 3 times per year by a qualified third-party firm. The results of these scans and tests are integrated into our development workflow.

JumpCloud has completed a Type1 1 SOC 2 examination for our Directory-as-a-Service. You can request to view the results of this examination by emailing accounts@jumpcloud.com.

Secure Communication

We make sure everything connected to your resources is secure. JumpCloud leverages mutual (2-way) TLS via private PKI infrastructure across all of our authentication protocols to ensure the highest level of communication tunneling and encryption.

Infrastructure Security

Access Controls

VPN keys are created and managed with JumpCloud’s private PKI so you can easily revoke VPN and agent access at any time. VPN server access is limited to key employees and requires a private key and password.

 

Users are access controlled with multi-factor authentication and use strict IAM roles. Only key employees receive administrative access.


Monitoring

JumpCloud uses monitoring software to track user logins, privileged commands, and to track on anomalies. Our servers remain fully patched through the use of various monitoring tools. We also use a customized Intrusion Detection System to monitor and report anomalous issues and to report on changes to critical configuration files and installed software.


Data Protection

All database disk volumes are safeguarded with data-at-rest encryption to prevent data access by unauthorized parties.

Recovery and Employment

JumpCloud follows DevOps best practices to ensure that our environment is highly available for our customers. We use cloud service providers with high-availability and have a disaster recovery policy to swiftly recover data.

All of JumpCloud’s employees undergo 7-year criminal and employment background checks and are required to complete security awareness training during their first week at JumpCloud.

Ready to Jump in?

Try Now - 10 Users Free Forever

No Credit Card Required