An interesting question came up in the Slack lounge and I was thinking about this overnight. How are people using JumpCloud to complete audits? For instance, how does your organization leverage JumpCloud to get through a SOC 2 audit? What methods and processes are you using to make the audit process much easier?
Compliance audits are becoming a requirement for any SaaS service provider to show your customers that you are serious about security and the protection of the data that your organization uses, but you all know that. When looking into the SOC 2 and ISO 27001 audit and certification journey, there are a lot of requirements that need to be met. One of the traditionally more difficult things to manage is the attestation component of your endpoint protection and security posture across a traditional organization, let alone a remote workforce. Integrating JumpCloud into our continuous compliance monitoring platform has allowed us to quickly support the requirements around endpoints, user management (2FA), onboarding and offboarding for systems and users. Having JumpCloud integrated with our compliance tracking system eliminates the guesswork, lessens the number of agents we need to install on your system, and gives us the ability to understand exactly what's going on.
You think you have a password manager on all of your systems? JC reports to the compliance tracking system and tells you that you do or don't, so you don't have to figure it out another way. There are a few quirks with the reporting for Linux systems, as the reporting is not as complete as it is for Mac or Windows, but overall the access identification, associated system-to-user information, and general simplicity of reporting have made the beginning of our audit process much less painful.