Aviva Zacks of Safety Detective had an interesting interview with Jim Matthews, Security Engineer at JumpCloud. He told her that his company is eliminating the need for a traditional domain.
Safety Detective: What drew you to cybersecurity and what do you love about it?
Jim Matthews: I was a UNIX System Administration back in the 90s when there weren’t that many dedicated security professionals. As a system administrator, security was just one aspect of my day-to-day activities. As time passed and the internet became much bigger, security became much more paramount, and I realized that there really wasn’t anybody filling that role where I was. So I moved into security and I’ve been there for several years now.
I absolutely love the challenge. One of the good things and one of the bad things about cybersecurity is there’s never a dull moment and things change day to day, hour to hour. I’m one of those guys that gets bored if I keep doing the same thing over and over again, and cybersecurity is always a new challenge for me.
SD: What would you say is JumpCloud’s flagship product?
JM: We are a cloud-based Directory-as-a-Service® solution, reimagining Active Directory and LDAP to allow companies to securely manage and connect their users to their systems, applications, files, and networks, regardless of the platform, protocol, provider, or location that they’re in. We securely connect an organization’s users with the IT resources they need to do their jobs. Think of us as the Grand Central Station of your IT network. If you need to access something – say an application, file, server, whatever it may be, we are the ones that safely direct you to it. We get employees on the right train, ensuring that they have a valid ticket. JumpCloud eliminates the need for the traditional domain (like Active Directory). The Domainless Enterprise is a new decentralized IT infrastructure approach where each access request is handled in a seamless, zero trust manner without the need to access a central gateway.
SD: What do you think are some of the worst cyberthreats out there today?
JM: Social engineering and phishing are the big ones for me. Cybersecurity is a multi-billion dollar business and we spend tons of money protecting our perimeters, protecting our endpoints, educating our users, locking down databases, and unfortunately, what gets a lot of companies is just a rogue email, an engineer who happens to click on it and provide their credentials.
I would say that the second one is credentials, specifically password credentials. Everybody uses the same password for all of their major sites. Sometimes they’ll put a 01 on the end of their password if they have to change it. But the reuse of passwords is a huge danger because passwords get exposed constantly on the internet and attackers will take those old passwords and try them on all the major services, and because nobody changes their password, oftentimes, that’s the way a breach can occur.
SD: How do you think the cybersecurity landscape is going to change over the next five years?
JM: Everybody was used to the traditional model where we all worked in an office; we all had our computers in a data center. Everything in the past couple of years has been moving towards the cloud. So that old model of data centers is going away, and cloud is becoming the major infrastructure for a lot of companies. But specifically, I think people working from home is going to be a major change. We’ve survived this pandemic where we’ve shown that people can work at home and can do their jobs without being in a physical office, which is great in a number of aspects. But from a security aspect, it does increase the attack vector. I think managing people that are working from home or working from remote locations in a secured fashion is going to be a major focus in the next five years.