Sitting down with Ezeelogin’s Founder and Director Bachchan James was a treat for Safety Detective’s Aviva Zacks. She got to find out all about what a jump host s and how it can protect a company’s entire network.
Safety Detective: What got you interested in cybersecurity and what motivated you to start Ezeelogin?
Bachchan James: My career had started off as a Linux system engineer. My business partner and I used to work for hosting companies and e-commerce enterprises that had hundreds of Linux servers, and it was our responsibility to maintain them. We found it hard to manage and administer the Linux servers as the number of servers increased day by day and when a new employee was onboarded.
We did not find any solution in the market that would let us cut down the SSH access time by half and would double the security on the servers. We wanted to make sure the efficiency in the company increased with the implementation of the SSH jump box solution, especially when they have a lot of employees working together and accessing different machines via SSH. We also wanted to keep track of employees who accessed production servers, the time at which it was accessed, and a log of what was done. That is how we developed our own SSH jump server solution called Ezeelogin.
SD: What is a jump host and why do people need one?
BJ: Jump host is a centralized place where your employees would first log in before they start or fan out to access the remote machines in an enterprise or in a company. When all the employees go through the jump host, all you have to think about is securing the jump host and ensuring that features like two-factor authentication and the VPN are in place. The best part is that you can record every activity that happens on the jump host.
Whenever an employee wants to access a remote machine in the company, they have to go through the jump host. They are authenticated via the jump host, so everything is recorded, every action is streamlined, and you can do forensic audits later to see who did what on which server and why they logged into which server. This helps companies meet various security compliances like PCI-DSS and ISO 27001, where you have to mandate and monitor every action of your employees on the remote service they have access to.
SD: What kinds of companies use your technology?
BJ: Financial companies, e-commerce companies, hosting companies, and VoIP-based internet telephony companies use the Ezeelogin SSH jump server solution. Any business that has a couple of servers or looking to meet various security compliance would love to use our jump server solution because, by implementing the SSH jump server solution, it would inherently increase the productivity, security, and efficiency within the IT infrastructure.
SD: What do you feel are the worst cyberthreats out there today?
BJ: The challenges that we face today are the risks associated with an employee working from home. Any lapses on the employee’s part in handling their corporate credentials responsibly can be very costly for the company. With work from home becoming the norm, the chances of an employee’s credentials being compromised is high, which leads to the compromise of the IT infrastructure they work on.
We have seen that most of the professionally run IT infrastructures lack a proper security system, a solid security procedure, and can be easily compromised.
Once you have deployed the Ezeelogin SSH jump box, a lot of security systems and security procedures (two factor authentication, SSH Key based authentication, user password expiry, user password length and strength, and lots more) would naturally fall into place, ensuring that your IT infrastructure is an unformidable fortress.
SD: What are the cybersecurity trends to look out for in the next few years?
BJ: At the moment, with the internet being the new playground for the existing and emerging business due to the ongoing COVID-19 virus, there are a lot of areas that need to be addressed before we can see a boom in the internet users and the online financial transactions. At the moment, the chance of the user credentials being stolen and his credit card being compromised is high, due to the fact that most of the internet users are quite naive when it comes to security and the hackers are getting better every day.
Instead of getting the users to educate themselves on internet security it would be easier for the website providers to improve the security and procedures to make a secure financial transaction on the website, as weak security is a major deterrent in getting the majority of the users to do business online.
Enter biometric authentication. Users will no longer have to remember the username or passwords of every internet portal where they need to authenticate. Internet users no longer have to carry a device around to authenticate as it’s already imprinted in your body. Also, you no longer have to worry about forgetting your credentials or safely storing them. At the moment, a lot of work needs to be done on the biometric areas as there are still many holes that need to be plugged before it can come into the industry as the de facto standard of identity verification and authentication.
I am sure we will come up with fixes that will bolster up biometric security. At the moment, single sign on is the latest technology that is slowly, but steadily, getting incorporated. But I can see that it is going to merge with biometric authentication to come up with a system that is more reliable, more secure, and easier to manage for internet users.