Securely Manage User Identities with JumpCloud: A Unified Directory Platform for Environments Hosted On-Prem or in the Cloud

TL; DR: JumpCloud’s secure and unified cloud directory platform helps over 100,000 organizations across more than 140 countries centralize, manage, and secure their technologies and assets. The all-in-one identity, access, and device management solution provides secure, frictionless connections from any device to any resource, whether hosted in the cloud or on-premises. After receiving substantial contributions from investors, JumpCloud is broadening its mission to reimagine the identity management space in its entirety.

Active Directory (AD), first released with Windows 2000 Server, was built to make it easier for sysadmins to connect users working from Windows desktops with the on-premises resources required to get their work done.

Since then, it’s become a staple in the lives of many IT professionals. But as the world shifts toward cloud-based, platform-agnostic infrastructure and applications — and accesses them from devices with mixed operating systems such as macOS — some question whether a tool built for Microsoft-centric environments remains an ideal solution.

“Microsoft AD is the 800-pound gorilla in the world of identity management,” said Greg Keller, CTO of JumpCloud. “Yet, most modern IT organizations are using platforms like AWS for hosting, macOS or Linux for operating systems, G Suite for collaboration, and hundreds of Software-as-a-Service (SaaS) applications — none of which were built by Microsoft. So why are we turning to Microsoft to tie everything together for us?”

Greg joined the team in 2014 and helped launch the JumpCloud product, a cloud directory platform, in response. Since then, the all-in-one identity and access management solution has become more relevant than ever.

Rather than limiting users to legacy directory services (or requiring them to bolt on multiple solutions in an attempt to make AD functional), JumpCloud works as an authoritative identity provider for all devices, networks, apps, and infrastructure. Using an advanced toolset, the cloud-based technology securely authenticates users across various platforms and protocols via a centralized console. It allows its users to expand their working environments by, for example, working from home.

“You don’t need any on-premises baggage anymore with a cloud-based directory,” Greg said. “We don’t care what resource you want to plug into it for authentication and management reasons. We did that through the obsession over the development of industry-standard protocols: LDAP, SAML, RADIUS.”

JumpCloud’s roots go back to 2008 when Rajat Bhargava and Larry Middle founded the network security company StillSecure. After speaking with IT teams at the company, they learned that there were no alternatives to Microsoft AD. Later, in 2012, Rajat and Larry began to identify the need for a directory solution that provided cross-platform access to both cloud and on-prem infrastructure.

By 2014, they began work on an identity access and device management platform, with Greg responsible for overall product vision and execution.

“We launched in September of 2014 after spending most of 2014 building out the infrastructure to support our goals as a cloud-based directory service,” Greg told us. “This is the fourth company I’ve been involved with, building from the ground up. The prior three SaaS companies had their prototypical startup problems in identifying clear product-market fit and subsequent left-right pivots. We never had that problem at JumpCloud — because the market was ready to receive this product.”

Today, 100,000-plus organizations across more than 140 countries use JumpCloud to centralize, manage, and secure their digital identities. These groups turn to JumpCloud because of its market differentiation.

“If you were to create JumpCloud in soup form, you would have to take 50% identity management and 50% device management and stir it up,” Greg said. “You would intertwine identity, authentication, and authorization from where that event typically happens — from a machine.”

Greg told us many people believe that all of the action takes place in the browser. But while the browser is a conduit to and necessary component for compute in many use cases — for example, accessing websites — it certainly isn’t all-encompassing.

“Does the browser solve for network authentication? Does the browser solve for terminaling into an Ubuntu host in a cloud hosting environment? Does the browser necessarily authenticate an LDAP transaction? No,” he said. “The machine is where you instigate many of these actions.”

Greg said the JumpCloud team found itself in a unique situation last year as the pandemic radically shifted the definition of the workplace. In May 2019, the group closed on a $50 million Series D funding round and began hiring more employees. By March 13, 2020, the company directed all of its employees to work from home.

“We did some very sophisticated financial disaster modeling and put together three contingency plans for abysmal, average, and best-case scenarios. We ended up having some of the most successful quarters yet and blew past the best-case scenario. We’re a sophisticated team of about 300 people — this was not our first rodeo in terms of the leadership required to help navigate a complex storm and ensure our employees were safe and productive.”

While the JumpCloud team was pleased to weather the storm, the reality for the IT community at large remained dim, particularly with new customers.

“We saw a lot of broken people coming in; IT administrators who had been managing Active Directory and VPNs for 15 years until everything fell apart when the forced movement to home offices occurred,” Greg told us. “They would say, ‘We knew how to secure people when they walked in the door of our offices using a key card and logged into our VLAN. How do you do that with people working from home?’”

JumpCloud’s previous adoption of Forrester’s Zero Trust security framework gave the company a strong foundation for helping customers secure remote users and devices without any on-prem hardware. The company’s philosophy is to trust nothing and verify everything.

“Let’s assume you work for a company that runs on the backbone of JumpCloud,” Greg said. “You go home and use a MacBook, a Windows machine, a Linux host — we don’t care what operating system it is. On that machine is the JumpCloud agent. We’re controlling all of your authentications. We’re a multifactor vendor as well. You’re getting access, and JumpCloud is just humming along in the background protecting the user’s authentications and the machine itself due to its security policies.”

If a malicious actor attempts to log in under the guise of a legitimate user, JumpCloud will prevent access. The system can identify anomalies in machines, certifications, and authentication patterns and request additional security credentials.

Greg told us JumpCloud caters to the modern IT administrator.

“Those bleeding-edge professionals in their 20s to 30s are more likely oriented with DevOps than qualified as a Microsoft Certified Solutions Expert (MCSE),” he said. “Many of them have never pushed buttons on System Center Configuration Manager (SCCM) or domain controllers before, but they sure can write cURL for RESTful APIs.”

Of the 100,000-plus organizations JumpCloud serves worldwide, 75% are these direct customers — IT professionals looking for a way to manage their company’s security.

The other 25% of the company’s client base is made up of managed service providers (MSPs) that use the platform both for themselves and to add value to their own services.

“We are now just really beginning the investment there, and we’re excited about it,” Greg said. “We really can envision a place where MSPs will drive 50% of our revenue. We just hired a luminary in the MSP sales space. MSPs don’t have boots on the ground in every one of their client’s offices, so they need to do their jobs remotely.”

In January, JumpCloud closed a $100 million Series E round led by BlackRock.

“We can’t even believe it. Our investors see the promise that JumpCloud is what the future looks like in terms of evergreen IT platforms,” Greg said.

Moving forward, JumpCloud will be focused on expanding its staff, platform, and client base.

“Our mission is to provide a consolidated set of tooling inside of one common platform,” Greg said. “JumpCloud engineering represents more than two-thirds of the employees at the company now. We’ll double that amount by year’s end to help deliver functionality faster to our customers.”

Ultimately, JumpCloud’s goal is to transform the identity management industry entirely.

“As a mentor once taught me, it’s one thing to build a feature or a product, but it’s another to change a market category,” Greg said. “Plenty of people can shoot for the moon. We’re trying to break through to other galaxies.”