A Safer Identity
JumpCloud creates a safer identity for our customers. We take this responsibility seriously, and we know you need to understand our internal security practices to trust that your identities are well-protected and managed.
How we are doing it:
Assessments and Independent Audits
JumpCloud’s environments are scanned for vulnerabilities monthly by a reputable third-party assessor. We also have external penetration tests performed at least 3 times per year by a qualified third-party firm. The results of these scans and tests are integrated into our development workflow.
JumpCloud has completed a Type 1 SOC 2 examination for our Directory-as-a-Service. You can request to view the results of this examination by emailing firstname.lastname@example.org.
We make sure everything connected to your resources is secure. JumpCloud leverages mutual (2-way) TLS via a private PKI across all of our authentication protocols to ensure the highest level of communication tunneling and encryption.
VPN keys are created and managed with JumpCloud’s private PKI so you can easily revoke VPN and agent access at any time. VPN server access is limited to key employees and requires a private key and password.
Users are access controlled with multi-factor authentication and use strict IAM roles. Only key employees receive administrative access.
JumpCloud uses monitoring software to track user logins, privileged commands, and anomalies. Our servers remain fully patched through the use of various monitoring tools. We also use a customized Intrusion Detection System to monitor and report anomalous issues and to report on changes to critical configuration files and installed software.
All database disk volumes are safeguarded with data-at-rest encryption to prevent data access by unauthorized parties.
Recovery and Employment
JumpCloud follows DevOps best practices to ensure that our environment is highly available for our customers. We use cloud service providers with high availability and have a disaster recovery policy to swiftly recover data.
All of JumpCloud’s employees undergo 7-year criminal and employment background checks and are required to complete security awareness training during their first week at JumpCloud.