JumpCloud Adds Decentralized Password Manager to Portfolio
JumpCloud Inc. this week launched a password manager that relies on an alternative approach that stores encrypted credentials locally on user devices and then synchronizes vaults between devices via servers in the cloud.
Cate Lochead, chief marketing officer for JumpCloud, said JumpCloud Password Manager employs a decentralized architecture to manage and secure passwords independent of authentication method. That approach is not only more efficient but also eliminates the need for users to create, manage and remember master passwords.
Cybercriminals have been targeting password managers to gain access to master passwords to gain access credentials stored in cloud-based password managers. As a result, there is a need for a more secure approach that can’t be as easily compromised, said Lochead.
Available under an early access program, JumpCloud Password Manager is based on technology the company gained with the acquisition of MYKI earlier this year. It is scheduled to be generally available in the fourth quarter.
JumpCloud Password Manager is designed to thwart those attacks using a tool that can be managed via the same console that IT organizations employ to secure network access via the Open Directory Platform. It also provides the added benefit of making it simpler to identify and audit who has access to what accounts and whether credentials are weak or simply being reused too often, Lochead noted. Strong, complex and unique passwords are automatically created using the JumpCloud password generator, she added.
IT and cybersecurity teams still spend a large amount of time managing passwords that could be better spent on activities that return more value to the business. The challenge is finding a way to achieve that goal without providing cybercriminals with a centralized platform that could be more easily targeted.
Overall, JumpCloud is now reporting there are now more than 180,000 organizations using its directory, with more than 5,000 paying customers including Cars.com, GoFundMe, Grab, ClassPass, Uplight, Beyond Finance and Foursquare. The JumpCloud approach makes it possible for organizations to streamline security processes in a way that reduces total costs, said Lochead.
JumpCloud isn’t necessarily making a case to replace rival directories as much as it is to deploy Open Directory Platform alongside them as organizations look to improve their overall cybersecurity posture beyond the devices and platforms supported by Microsoft, noted Lochead. As part of that effort, JumpCloud today also launched an instance of its platform for managed service providers (MSPs) that will make Open Directory Platform more accessible as a service that is managed on behalf of an organization.
Directories have been at the core of any effort to manage identities for decades. However, as organizations look to implement zero-trust IT policies many are starting to revisit the directory platforms they rely on to grant access to applications and services. It’s not clear what percentage of organizations are now employing multiple directories, but the Microsoft Active Directory platform is one of the most widely employed platforms in IT environments.
The one thing that is clear is that as zero-trust approaches to securing IT environments become the cybersecurity approach du jour, many more cybersecurity professionals will be paying attention to how identities within organizations are managed.
