The Disrupt San Francisco conference was held this week out in the city by the bay. One of the companies presenting is called JumpCloud and is based in Boulder, Colorado. JumpCloud is bringing secure DevOps to cloud servers, making it easier for developers to securely manage their cloud based servers.
By way of full disclosure, JumpCloud was co-founded by my friend and longtime business associate Rajat Bhargava. Raj is joined by a former StillSecure colleague of mine, KC Berg, who is CTO. David Campbell, a security industry veteran, is also co-founder of the company as well as CEO.
You can see Raj and Dave's presentation at Disrupt in the YouTube below. The company which debuted at the show has been under wraps in Boulder for months now. The problem they solve is a painful one for many startups who are putting their infrastructure in the cloud. Who has the time and cycles to pay attention to managing and securing the cloud servers when you are busy developing your applications, services and company?Unfortunately, secure management of these servers is usually a lower priority in the big picture of things to get done. That is, until something bad happens and you pay the price (if you don't see a video below, please refresh the page).
JumpCloud solves this issue painlessly. By adding just one line of code to your server settings, JumpCloud makes the mundane easy, makes the risk manageable, but most of all allows you to focus on your business, not managing and securing a cloud server up in Amazon, Rackspace or somewhere else.
I had a chance to catch up with Raj and Dave prior to their going on stage at Disrupt. While both of them have long and successful backgrounds in the security world, they both emphasized that this is not per se a security tool. Security is of course very important, while near and dear to both of them. But JumpCloud is about something even bigger they think. Security is only one aspect of developers managing cloud-based servers.
Fundamentally, they think the model has changed. You no longer have a development team who requests changes from the IT department, who then institutes them on the organization's infrastructure. Today, devs in companies both big and small are managing infrastructure themselves. Especially in startup type of environments, development and IT are one and the same. The infrastructure is up in the cloud, not on-premise. Devs want to develop, startups want to move at lightspeed. Managing cloud servers, including securing them, is just not a top priority or strength. But that doesn't mean it is not important.
JumpCloud can today manage who can access your server and from where. It can also alert you to available patches, potential attacks, malware and hacking attempts. It can monitor system performance and configuration. Of course, there is more to come in the way of cloud server DevOps from the JumpCloud team.
David also emphasized that an important point is that the JumpCloud model matches the cloud model as well. It is easy to set up and just about hands free to run. Hands aren't the only thing free here, though. JumpCloud is free if you have just a few servers. If you have more than a couple of servers, it is as low as $10 per month per server.
While Rajat thinks this pricing makes it a no-brainer for SMEs and startups who leverage the cloud, I think that a large portion of developers using the cloud actually are part of larger enterprises who are leveraging the cloud to speed up their development cycles. For these folks engaging the IT department to manage the kinds of tasks that JumpCloud does can be cumbersome, expensive and time consuming. JumpCloud lets developers use the cloud at the speed of development. I think it will find a great audience among these folks as well.
JumpCloud also represents a new breed of security company. For a long time many of us in the industry have foretold of a day where security would not exist in a vacuum. Security eventually has to be part of IT, not a separate entity. JumpCloud is the embodiment of this vision. Security integrated into cloud server DevOps. We live in great times indeed!
As co-founder and Managing Partner at The CISO Group, Alan Shimel is responsible for driving the vision and mission of the company. The CISO Group offers security consulting and PCI compliance management for the payment card industry. Prior to The CISO Group, Alan was the Chief Strategy Officer at StillSecure. Shimel was the public persona of StillSecure as it grew from start up to helping defend some of the largest and most sensitive networks in the world.
Shimel is an often-cited personality in the technology community and is a sought-after speaker at industry and government conferences and events. His commentary about the state of security, open source and life is followed closely by many industry insiders via his blog and podcast, "Ashimmy, After All These Years" (www.ashimmy.com). Alan is now also a regular contributor to The CISO Group’s security.exe blog and podcast. Follow him on Google.
Alan has helped build several successful technology companies by combining a strong business background with a deep knowledge of technology. His legal background, long experience in the field, and New York street smarts combine to form a unique personality.
Disclosure: The CISO Group sells a software-as-a-service PCI compliance application called SAQPro. The company is independent and does not represent any other vendor's products as a reseller.
Policy on comments: Respectful discussion is welcomed! However comments that use inappropriate language, consist of name calling or personal attacks, or include accusations of wrongdoing are not appropriate. Those comments will be deleted or edited.