EdgeConneX

Achieving ISO Compliance in a Cross-Platform Environment

Summary


EdgeConneX is transforming digital content delivery. They are a data center and colocation services company that is optimizing internet connectivity for businesses across the world. EdgeConneX’s modern approach to networks has been met with success and rapid growth. But with this growth comes an expanding user base, sprawling infrastructure, and the requirement to be ISO compliant. Their existing Active Directory® instance wasn’t up to the task. EdgeConneX’s Vice President of IT, Martin Skojec, set out to find a new solution. In his search, Martin discovered JumpCloud Directory-as-a-Service®. Martin was pleasantly surprised to have found an identity provider that worked in his cloud-forward, cross-platform environment.

Company:

EdgeConneX

Size:

250 users (140 full-time employees, 90 contractors)

Location:

Herndon, VA

Problem:

No password management in a cross-platform environment

Goal:

ISO Compliance

Background


“EdgeConneX had the innovative idea to move the network out to the edge, so that content is served as close as possible to where it is consumed,” Skojec explained. “Previously, there had been eight pairing points in the U.S. for internet connectivity. So, if you lived in Phoenix, AZ, your data would likely come out of San Jose, CA. However, that results in high latency, so everything is slower.

“We’ve brought network and content providers into secondary markets like Phoenix, Miami, and Tallahassee,” said Skojec. “That means internet connectivity is being served locally. The result is better internet performance, faster speeds, and less bandwidth use from our customers since they’re not having to stream from so far away.

“This year EdgeConneX is expanding into two markets outside the US: South America and Canada. We’re continuing to augment and expand our existing data centers as customers come in,” said Skojec. “In the last 24 months, we have built about 30 data centers, and we’re rolling out 1 megawatt of power capacity every 30 days.”

EdgeConneX’s network infrastructure has not been the only growing component. In the last two years, EdgeConneX went from 29 employees to 140 full time employees and 90 contractors – an almost 10x growth.

The Challenge


As EdgeConneX grew, their IT team faced an ever-expanding set of requirements.

Skojec explained, “We were never really a help desk IT department. We focused more on networking infrastructure. We would issue a laptop when we hired someone, give them an email account, and off they would go. We didn’t have any policies that we enforced or any user systems controls to speak of.”

“When ISO certification became a business necessity, we had to quickly come in to compliance with how we managed password complexity, expiration, and rotation.”

This requirement was complicated by their heterogeneous environment. “We have a 50/50 split between Windows® and Mac for our users, and about a 95/5 split on servers between Windows and Linux,” Skojec said. “I needed something I could deploy across all platforms that would enforce the same policies and procedures across those platforms.”

The Search for a Solution


“There were a few alternatives that we considered when we started looking,” Skojec said. “We initially used Microsoft® Active Directory. However, we tried to get our Macs, Linux servers, and Windows systems to work with AD, and it just didn’t quite happen. In addition, a lot of our users are remote.”

In an Active Directory environment, enabling remote users to change their password can be done, but it’s a hassle. Skojec explained, “Users would have to get on the VPN to connect back to the LAN to be able to connect to Active Directory to update their password. Any organization who manages remote users knows this is an untenable situation. When we started looking, we actually started with Azure because we wanted a cloud-based service that didn't require VPNs or a corporate LAN for that very reason. But Azure did not work quite as well with Mac systems or Linux servers.

“I started looking for a solution that would work across all end user platforms,” Skojec said. “I found JumpCloud.”

“JumpCloud was the easiest solution to deploy across our entire environment, and it simply worked on every platform we put it on – Mac, Windows, and Linux.”

“JumpCloud is very lightweight. There’s no heavy client that has to be maintained. There’s no VPN setup involved. If you have internet connectivity, it works,” Skojec explained. “Even better, it works across all of our platforms, universally. JumpCloud is very easy to manage and maintain. Also, we only have to train our users for one thing – I don’t have to train a Windows group on one tool and a Mac group on another. It’s universal across the board.”

Justification


Justifying the acquisition of a new piece of technology to your executive team is not always simple. Thankfully, Skojec understood not only how JumpCloud could make life easier for the IT department, but also how JumpCloud could make life easier for his executive team.

“We started down this path because we had to achieve ISO compliance,” said Skojec. “We had no choice; we had to be able to manage password policies, their expiration, and their rotation. My first step in justifying JumpCloud was to successfully deploy it in a test environment. Then, I was able to go to our executive committee and show JumpCloud in action while explaining how JumpCloud can help us achieve ISO compliance.”

For the decision-makers at EdgeConneX, the choice was an easy one.

Skojec explained why. “Our mixed environment meant that JumpCloud was the only solution that would allow us to enforce policies to achieve compliance across all platforms and all users. Plus, it’s very easy for the user to self-maintain. This helped us keep costs low by negating the need for EdgeConneX to hire more help desk staff just to reset passwords or manually enforce policies across multiple platforms.”

Implementation


“When we deployed JumpCloud, we were in a rush to meet a deadline for contractual reasons – the typical IT squeeze,” Skojec said.

“Our experience with deploying JumpCloud was very simple – it worked out of the box.”

“There was not a big learning curve at all. Once we understood the interface, how to install the client, and how to get the authorization key, it was very easy to roll out. We were able to roll out JumpCloud, and a whole set of tools, to our entire user base over the span of about 3 months.

“There’s really only one person that handles the help desk on a day-to-day basis at EdgeConneX, and we have approximately 250 users. Those are daunting odds for IT. So, we’re using JumpCloud for RADIUS as well as LDAP, and we’re using the thin client for endpoint management. Doing so, we’ve been able to better manage our VPN, WiFi, server, and switch access.

“JumpCloud is also controlling our Office 365 accounts which is great. When we create a user account in JumpCloud, an email account is automatically provisioned in Office 365. It’s just one less thing we have to do from a help desk perspective.

“I am hoping to roll out Dropbox this year, and thanks to using JumpCloud’s pre-built connectors, we will be able to centralize authentication. I’m also pushing our development team to use the JumpCloud SAML connector for other apps we use in-house. JumpCloud really provides true single sign-on by enabling everybody to use the same username and password for everything they do. Thanks to JumpCloud, we’ll be able to create a centralized environment, and hopefully we get there this year.”

The Results


“JumpCloud has saved us a tremendous amount of time. Onboarding a new user has gone from about two days to an hour.”

JumpCloud’s True Single Sign-on solution has had a significant impact on onboarding and offboarding new employees for EdgeConneX. Skojec shared, “In the past, we would have to touch every server, add the account, add them to Active Directory, get it joined, and get the VPN set up. The onboarding process is a lot simpler now because we truly have a single unified directory service. We add you in JumpCloud, we put you in the appropriate group, and you have access to everything you need. It’s just there. It just works.”

“In addition, offboarding employees is much simpler and more secure because we don't have to remember to touch every system or company resource to which they had been granted access – usually spanning years of use. To offboard an employee, we go to one place – the JumpCloud Admin Console. We delete their account, and it deletes their WiFi access, their PC login, application access, and server access. It has made offboarding so much quicker. As much as onboarding employees has improved, the offboarding process has had the largest impact on my organization, as it’s not only quicker, but also helps us prove compliance.”

A secure offboarding workflow has helped EdgeConneX tremendously when it comes to compliance audits. “We have to go through audits every six months,” explained Martin, “and it’s very nice to say, ‘Oh yes, when we offboarded this person, JumpCloud is how we completely removed their access.’ We can prove the person has actually been removed from all systems, servers, applications, and networks. From an audit standpoint, JumpCloud has saved us a significant amount of time, and greatly reduces our risk.”

JumpCloud - A Solution that Really Works


“For EdgeConneX, the biggest benefit is that JumpCloud really works well across all platforms. JumpCloud has made it very easy to apply the same password policies and security policies across Windows, Mac, and Linux systems.”

“In the IT field, we’ve all dealt with Active Directory for the last 20 years,” said Skojec. “It works well on a corporate LAN with all Windows machines. However, once you start bringing in different devices and you’re not on a corporate LAN, Active Directory begins to struggle. If you’re a mixed device environment with remote workers that never touch a corporate network, JumpCloud does the same job as Active Directory, only better.”

More Info


If you would like to learn more about how Directory-as-a-Service can help you with becoming ISO compliant or help you centralize user authentication, reach out to us at [email protected]

About JumpCloud:

JumpCloud® Directory-as-a-Service® is Active Directory® and LDAP reimagined. JumpCloud securely manages and connects your users to their systems, applications, files, and networks. Try JumpCloud's cloud-based directory services now, or contact us at 855.212.3122.

Contact Us

For additional reading, blog updates, and the latest news please visit the JumpCloud blog.