How SMEs Can Build A Winning Strategy For Identity And Device Management
Expert Insights interviews Antoine Jebara, Co-Founder & GM MSP Business at JumpCloud.
Securing user identities is a challenge for organizations of all sizes, but particularly for small to medium-sized enterprises (SMEs). As the vast majority of data breaches today are caused by identity related threats, it’s increasingly critical for SMEs to invest in a secure identity solution. But the cost, complexity and resources required to implement a service that can securely and seamlessly connect employees to the services they need can be daunting for SMEs who often lack in-house security resources.
This is a challenge familiar to Antoine Jebara. A serial entrepreneur in the identity space, Jebara has been helping SMEs solve identity challenges since 2013, when he co-founded MYKI, a password management and multi-factor authentication (MFA) provider designed specifically for small businesses and managed service providers (MSPs). In 2022, MYKI was acquired by JumpCloud, where Jebara is now co-founder and general manager of JumpCloud’s MSP business.
JumpCloud is a leading open directory platform provider that unifies Identity and Access Management (IAM) and device management capabilities. The JumpCloud platform enables employees to securely access any application, device or network resource needed, and enables IT teams to effectively and scalably manage these identities. Having protected 200,000+ organizations worldwide, Jebara and his team at JumpCloud have a bird’s-eye perspective on the identity and device management challenges facing SMEs today.
You can listen to our full interview with Antoine Jebara on the Expert Insights podcast:
The Scale Of The Identity Challenge
“Over the last 15-20 years the world has moved to the cloud. We have moved from a setup where devices were the center of your stack, where you had a network, devices on that network, and you gave users access to different types of resources through these devices,” Jebara explains. But in the cloud-era, that paradigm has shattered.
“The device has moved from being the center of the [security] stack, to the digital identity of the user becoming the center of the stack. Think about it. Today, you give users access to different types of services via their emails, their usernames. Not via their device name. That poses a lot of challenges for the existing infrastructure.”
Many SMEs still rely on legacy user directories, often hosted on-premises, and based on a device-centric architecture not designed for the cloud. To ensure users can access the cloud-based services they need, many SMEs have installed multiple single point cloud solutions such as single sign-on (SSO), password management, and multiple factor authentication services. Rather than having a single, streamlined identity and access process, users may need to use one service to manage their passwords, another to access internal apps, and yet more to access cloud applications and services. “This has created a lot of issues when it comes to offering a seamless end user experience. It’s also degraded security because both IT admins and end users now need to think about different types of systems they use in different ways to get their work done.”
As the vast majority of data breaches are caused by identity-related issues, the need for SMEs to shore up and upgrade their legacy systems is becoming critical. “Identity, access, and device management are at the core of your IT stack. An effective identity and access management setup allows organizations to protect themselves against the growing risks that are threatening their business. In addition to that, having a comprehensive identity access and device management setup is now a requirement to make your business comply with different compliance bodies and is a requirement of cyber insurance companies. These are things that you need to comply with.”
How SMEs Can Build A Winning IAM Strategy
For the reasons outlined, there has been a steady rise in adoption of identity and access management in recent years. But SMEs face some key roadblocks, Jebara explains. “A lot of SMEs already have something in place, and they’re relying on this infrastructure to get work done. There’s sometimes fear of having to fully rip and replace core components to be able to adapt. IT spend has been going up, and it’s a significant concern for SMEs today.
“The fear of having to spend additional money to acquire tools that you need to be able to set your business up for success is real. And the lack of in-house IT resources required to, not only, be able to manage what’s in place, but also look forward, is a concern. I think that a lot of this has to do with fears that don’t end up materializing when you start getting into the meat of the problem to improve your situation.”
The first step for SMEs is to understand their key aims in building out their identity, access, and device management strategies, Jebara explains. “What are you trying to achieve? How much can you spend? What is the desired end user experience? What type of external companies do you work with? What are the constraints that you’re working within? All of these are important questions that need to come into a unified strategy. If you have the in-house IT resources to get into all of these details, have the know-how to get into these details, and have maturity and opinions on what needs to happen across every component of the stack, then this is where I start.”
“If you’re lacking some of these capabilities, I would definitely work with an MSP, or a managed service provider.” MSPs can act as a full-blown in-house IT team, or they can augment your in-house IT capabilities with specialized services, such as identity management. “I would start there,” Jebara recommends. “I would strongly urge you to go for a unified approach, to reduce the number of vendors you have to manage, reduce the workload on your IT team, and to improve end users’ satisfaction and their ability to be productive. Once that’s done, you’ve done a lot of the work required to get you to where you want to be. The rest is getting into the details on your own, or with an MSP, and figuring out what capabilities you need, what the rollout looks like, and what end user training and awareness you need to do to make sure that everyone’s on board.”
Jebara’s team at JumpCloud is focused on the SME market, working with a number of leading MSPs to deliver JumpCloud’s open directory platform to smaller companies without a dedicated in-house resource. JumpCloud recently announced a new partnership with Electric, a leading MSP helping SMEs secure user and device identities. “Electric is a large and very sophisticated MSP. They’ve created a platform that allows small and medium sized businesses to manage their IT with a simple admin user experience. Earlier this year, Electric decided to consolidate their vendor stack on JumpCloud in the back end. That allows Electric to gain access to next-gen identity access and device management capabilities that allow them to offer an end-user friendly and very powerful set of services to their clients.”
Evolving Identity And Device Management Challenges
Considering how identity and device management challenges are likely to change in the coming years, Jebara sees the obstacles for SMEs continuing to grow. “I think it’s going to continue to become more and more complex. There’s going to be more and more components, there’s going to be different types of constraints. And in parallel, security threats are going to continue to grow and their effect on your business is going to continue to grow as well. It’s not something that you can avoid addressing anymore.”
“I personally think that the cost of software in general is going to continue to go up as we rely more and more on it to run our business. So, my advice to any business trying to figure out how they’re going to navigate the years to come is to ask themselves: Are we currently equipped to understand that complexity from an IT and security perspective and are we in a position to keep up with how that market is continuing to evolve?
If the answer is no, or we’re not sure, then my best piece of advice is surround yourself with people that know. These would be managed service providers or managed security service providers (MSSPs). I would say that this is the number one thing that you need to do. The second thing that I think you need is to keep a very close eye on satisfaction and employee productivity.
The job of IT is to enable people to do their job. It’s not the job of IT to add complexity. Make sure that you’re keeping your end users in mind when making any decision that’s going to shape the future of your IT infrastructure. Because what you’re really optimizing for is employee productivity and satisfaction. And if you lose track of that, then you pose the risk of affecting the productivity, outcome, and the future success of your business.”
Listen to our full conversation with Antoine Jebara on the Expert Insights podcast.
Listen On Apple Podcasts:
Listen On Spotify