 Hey everyone, welcome to theCUBE's presentation of the AWS Startup Showcase. This is season two, episode four of our ongoing series that features exciting startups within the AWS ecosystem. This episode's theme, cybersecurity, protect and detect against threats. I'm your host, Lisa Martin, and I'm pleased to welcome back one of our CUBE alumni, Chase Doley, joins me, the principal strategist at JumpCloud. Chase, it's great to have you back on theCUBE. I'm perfect and likewise. Thank you so much for having me again. Tell the audience just a little quick refresher on JumpCloud Open Directory Platform, and just give them that little bit of context. You bet. So JumpCloud provides an open directory platform, and what we mean by that is we help manage all of your employees' identities, the devices that they operate on, and then all the access that they need in order to get their work done in a modern IT environment. So from a market segment perspective, this is really targeted at small, medium enterprise SMEs, managed security providers, MSPs. Talk to me a little bit about that and some of the what's in it for me for those folks. Yeah, absolutely. And when we were thinking about specifically within that market, so small, medium enterprises and the IT or the managed service providers that help support those organizations, there's a lot of different technologies that you use in order to make sure that you have a secure organization. And within that group specifically, there's a lot less of a luxury, right? Of an enterprise budget or kind of all of these different personnel that you might have available to you. And it's really kind of down to maybe one team or just a couple of folks or just one person wearing a lot of different hats. And so we've designed the open directory platform to help accommodate for a lot of those different pieces where we're bringing in multiple different types of technologies from identity access management, device management and MDM, MFA, access through single sign-on, all of those different pieces and more that help kind of come into one platform. So not only do you have all the technology there at your disposable, but also all of the visibility and analytics of folks that are getting in and just trying to get their job done. But now all of those pieces are consolidated into one platform. And it really helps support a lot of those organizations, right? And keep in mind, small, medium businesses are the most common businesses. Not everyone's coming in from an enterprise. And so here we're able to layer on levels of security and making sure that you have best practices no matter what size you're operating in. So consolidating IT management, securing employees access to a variety of IT resources is really kind of in a nutshell. Absolutely. I'm just making sure that you're combining that combination of securely accessing all the things that you need, but also making sure that from an end user perspective, it's really easy. And you have all those things kind of built in from the get go. So how are SMEs and MSPs leveraging JumpCloud right now? What are some of the outcomes that you're helping them to achieve? Anything stand out to you? I think there's a couple of different areas that we help support organizations. One is you can think about just the whole employee lifecycle. So when someone joins an organization from onboarding, where does that identity come from? How can we make sure that they're productive, effective human beings as they come into it? But then the whole lifecycle as they're accessing or changing resources within a role all the way to the end where they might be leaving the organization and we can securely off-board that person. And so that whole flow that you might have from an organization standpoint is one aspect. Another area is as companies continue to grow, they might be going after maybe audit level compliance, other pieces that might help them grow. And there's a lot of layers that you need to think about are different types of technologies and processes to have those certifications and credentials. And so we help support those organizations, again, by consolidating all those different technologies into one spot, it makes it a lot easier for people to get up to par and how they think that their security standards should be set within an organization. And finally too, I'd say just ease of mind. There's a lot of pieces when you're thinking about where people might be coming in from, how do I get visibility into all those different aspects? And when you have all that under one roof, it adds a lot of, I'd say, less mental stress in terms of one, how all those technologies should be working together effectively, also securely, but then also making sure that you have time in the day to tackle big projects and let some of the, let's say, run rate security out of the way. Yeah, that's really important to be able to assign resources that are able to make the biggest impact across the organization, moving things off the plate that are not necessarily a more mundane. Twice a year, I understand, Jumfab does a survey with SMEs, where you really are aimed at understanding kind of where they are in the market today, their concerns, trends, challenges, budgets. Then I saw you just published results from a survey in June of 2022. Talk to me a little bit about the demographics of the survey. Who are you talking to within SMEs? And then we kind of crack open some of those really interesting findings that came out this year. Yeah, so we love to get a pulse check of what's happening within the industry, but specifically within that small, medium size, if you will. And so for the survey that we ran, we talked to 400 different roles, kind of that touch IT from security. So from vice president of the CISO all the way down to IT admins and anyone else in between. And we're really looking at organizations that had about 500 employees or less. Because there's a lot of information out there, especially from the enterprise of, hey, here's best practices, here's all the things that you can do. But for smaller organizations, it's not as clear cut, or you have less of an understanding of what your peers might be going through or kind of what their concerns are. And so when we're running that survey, that's one thing that we like to keep in mind is it's really meant for organizations at that size, because there's some commonalities that you start to see in suss out. And it's not to say that those aren't the same concerns that the enterprise folks have as well. Because a lot of the things that will come out, they were security based. I'm gonna say, hey, what's top of mind or what's kind of keeping you up at night? There were some clear indicators and especially well from kind of, as we do the survey, every six months or kind of even year over year, you start to see some trends that are emerging. And so a lot of the big ones are ransomware, software vulnerability and network security. Those are kind of the top three aspects when we're looking at, hey, what are specifics that are keeping you up? And those are easy to say because ransomware is obviously in the news. Even this week, there are three different organizations just kind of pick out. So Brestler who does dental manufacturing, they had ransomware, Intrust, which is another cybersecurity organization. They were breached, but then also Fremont County here in Colorado as a government organization, all three of those were hit by ransomware. And you might not say, they're all kind of random and they're not put together, but under the hood, really it's a lot of the same different technologies that are powering how people get access into things. Do they have the right levels or credentials? Are there conditions set within that type of access, especially if it's privileged? And so you start to consolidate and bubble down all those different things that can lead up to those concerns. And then even on the software vulnerability side, Mac released two different vulnerabilities this week. And so now it quickly becomes, okay, great, how can I make sure that my employees are using not only a secure device, but a secure device that's up to date because it's a dynamic field as all of these things coming through. And these are a lot of the gotchas that can keep small, medium enterprises up at night because if something happens, a security event like that, it could be a career ending event, but also a company ending event when you think about that. And so that becomes a really high level of importance because no one wants to see their name in the news, but it also takes a lot of different steps in order to create the layers that are necessary in order to achieve really solid ground stand on for an organization to do that. And so that's where we like to come in and help and making sure that a lot of those layers are actually easier to implement than you thought and it's not this huge project, but you're doing it in a way that's conscious and also not really getting the way of kind of battling users or making sure that their experience is a nightmare as well in order to achieve these goals that you have as an organization. You bring up ransomware and it's become a household term that I think probably every generation alive right now in some form or fashion understands what it is to some degree. It's now, security threats in general, now no longer, if we get hit, it's a matter of one. You gave three great examples of SMEs that were hit recently and organizations we wouldn't think really them. Everybody's vulnerable. You talked about the different, some of the concerns, software vulnerability exploits, the use of unsecured networks, people, and this is so common using the same password across applications that SMEs and enterprises too are dealing with. They have to be able to lean on MSPs, for example, in the SME space to say, help us with these obvious vulnerabilities. We need to make sure that our employees are productive, they're working together. We can onboard and off board people in a secure way. How did this survey uncover how SMEs are leaning more on MSPs to help solve some of those risks that you talked about? I think one of the more interesting trends that we've seen is just the ability in the ramp for organizations to lean on managed service providers. You saw a lot of this during kind of the beginning of the pandemic or kind of this really shift to remote work where people kind of have this mentality of, okay, IT might be a cost center and we'll have, but it's always felt this importance to making sure that people are on site, they understand their culture, they understand the ways that the organization works. However, now a lot more organizations are stepping back and saying, well, if I can't see anyone in the office or if there's only half or maybe 10% that are showing up, are there other economies of scale almost that I can get from leveraging a managed service provider, bringing in other expertise, right? And so it might be valuable to say, hey, it's not only just managing my organization, but five others. And so now you can start to see and kind of lean on best practices that they've evolved over time. And I think one of the more interesting stats is we see that, you know, almost nine out of 10 organizations that we surveyed are either leveraging an MSP or have considered it. And one of those things that's actually pulling them back where some organizations say, hey, I've looked at it, but I'm not quite ready to commit to outsourcing this section of my organization that or kind of bringing in someone to manage it fully alongside with me, almost in a co-managed type of environment, is a third of them say, hey, I don't know how secure the MSPs are themselves. How do they think about their own internal practices and what does that look like? Because again, you're thinking about handing over the crown jewels over to someone and say, hey, here's some of our most vulnerable or critical assets that we need to have secured and making sure that that's part of the organization. And so it's an honest conversation that a lot of the owners have with MSPs and say, look, are you up to snuff, right? Because if something happens, sure, I might have one person to go after or you might have SLAs that I can go, but it still means me as an organization has been targeted. What does that look like in our types of relationship? And so a lot of the partners that we have on the jump cloud side, it's a very common conversation that they have with their clients and saying, walking them through and say, hey, here's our security plan. Here's how we approach that. Here's all the different tools that we have at our disposal that are working alongside jump cloud in order to make sure that not only do you have good posture, I'd say good areas where the organization is set up for success, where you're thinking about not sharing passwords or there's password complexity or there's other technologies like single sign-on that help reduce that. But in addition to what type of network scanning do you have available? What type of antivirus do you leverage? What are all the other pieces that create that holistic security structure? And so sometimes it's a lot easier for MSPs to deliver that and package it up instead of having an overburdened IT admins that, great, this is another project that I have to go through and think about and look at pricing and kind of other those components because it helps speed up, I'd say your time to being more secure. And that's a really real conversation for organizations as they think about planning, as they think about budgets and what impact that might have on an organization to making sure that employees can get work done, but we're also thinking about in a very secure mindset within the organization. And that's so critical. As we talked about every organization of every size in every industry is vulnerable. There's just no way of getting around it these days. You talked about an interesting stat about 90% of the SMEs survey said, we're, yes, we're relying on MSPs, but we still worry about security. Talk to me from the JumpCloud AWS perspective, how do you help though, because that's a big number, the 90% of SMEs that are still concerned about security, how do you help them dial that down? I think it's really understanding, you mentioned AWS. So what are the critical access and what are those points that look like that we need to get a handle on? And how can we make that easier? Cause I think one of the pieces that we'll often come at and say, hey, we really want to make this approach work. We really want to make sure that when you wake up and you need to get into Q and A environments or production or whatever that might be that it's a seamless experience. But we as an organization have visibility into what's going on. And hey, if you're getting promoted or your role is changing, we want to make sure that those attributes or kind of those pieces that are associated to you and your identity are changing with it. And so making sure that there's this dynamic motion available to folks as they start thinking about, where a majority of their IP lives. It's no longer in some server closet. And yes, it might still be on a manufacturing floor, but it's those components that become the most critical for organizations. You've heard, I'd say, certainly within the last five years and probably even goes further back where a lot of traditional organizations say, hey, we're a software company now. We're kind of insert for innovation, making sure we can do that. And I think a lot of organizations are still going through that transition. But right behind it and what's coming next and certainly a lot of organizations start to say not only are we a software company, but we're a security company. And with that, that comes the mindset not only of here's how we tactically get into things that we need to do our job, but the why behind it. And I think that's one of the elements that might be missing or is certainly one of, I know that we have a lie to you and kind of take that approach of, yes, we're gonna be implementing, we need to have your device patched and updated because there's vulnerabilities. But for everyone else kind of on the end user side is like, well, okay, well, why? Why do we need to do that? And so by having that security first type of mentality, that allows everyone to be on the same page, play on the same team and making sure that when, those requests are coming in both back and forth between end users and ITs, security team, anyone else that might be involved within that process, you all understand that say, hey, it's not my job, it's everyone's job, right? We're all in this together because that's some of the parts where it can start to fall down too. You might have a team that has the best practices and intentions, but if the implementation and the follow-through isn't bought in from everyone, then you're also playing against the speed of the organization to adopt it. And that's really the timeline that you're battling, especially when you're thinking about ransomware or someone who already might be in it, is how can we help mitigate a lot of those different pieces? So by combining all those different elements into a thought process, into a mentality of being a security first organization, that's really kind of helps within the ripple effect all the way down into the critical resources like AWS. It has to be a holistic view. There's really no other choice these days and it also has to be done in a timely fashion. What did, as we wrap up, kind of talking about in the survey here, what were some of the trends, the future trends it uncovered? As we are still in a remote and distributed work environment, probably always will be. We've seen challenges and everyone's mental health in terms of strapped resources. What did the survey uncover as to what these folks saw as future trends? So I'd say there's a couple, there's a lot, but we'll break it down and say I'd say three core trends that you saw across every organization that we talked to, including our own base of over 180,000 organizations that rely on JumCloud is, hey, security's number one, right? And we've talked about it at length. Device management is another extension of that. I'm sorry, making sure that, hey, this is the only piece of hardware I have from the company in front of me. I wanna make sure that I can manage, secure it, make sure it's patched as well as we kind of operate in this dynamic and environment, making sure that we're resilient as an organization. And then I'd say finally, as those pieces start to evolve, there's still some organizations that are trying to understand, kind of truly manage what is hybrid and remote and kind of what does that look like for me as an organization? Cause I think we're now out of this panic mode and now organizations are now setting up, okay, what are some of the longterm structures as I think about that? And you hear a lot about too from other organizations that are mandating folks to come back or okay, maybe it's just a couple of days a week or all of those decisions have impacts on the IT organization. So that is very alive and well. I'd say one of the other pieces you mentioned mental health is that we're starting to understand a little bit more kind of who's behind the computer, who's behind the keyboard, what does the impact have for them? Because in this type of work environment as well, it's still challenging to find really good talent. And so you might be strapped for resources, you might be the only person that's trying to implement these processes or the security protocol or trying to help get us up into a good compliance posture, all of those different pieces kind of wreak havoc on it. And so you can start to think about, man, how do I make progress? And I think that's one of the other pieces that is really important for folks kind of from that perspective is always understand that you're making progress. Even though the tickets might be coming at you there's never ending in sight, all those steps that you take for an organization are critically important. And so, and it's not always just a people answer because you might not be in the position to say, hey, we need an extra five hands on this in order to make it done. It might have to be more of a conversation of, hey, here are the pieces that we need to automate. Here are the business processes that we really need to think about in order to have a fundamental impact on what we can do. And then you can come back and say, great. And if we have this, it might actually look like one and a half people. Maybe you can't really hire a half person, but you come into those types of mentality with a really solid argument of, here's what we need to have in order to make this happen. And I think too, getting that type of buy in again making sure that, hey, we are a security company after all, we're all in this together. That allows everyone to kind of help pitch in because if you don't have that piece, then everything can feel much more burdensome, right? And the level of burnout increases the level of mental health in general across the teams that are acting and supporting functions for an organization start to get burnout. And it might not always be as, hey, as important as revenue or, hey, we're getting this marketing campaign out, but it's this underwriting thing in terms of really truly important infrastructure that the company needs to think about. And when you can involve all of those different pieces, then people feel like they can make a positive impact. They feel more empowered. They have emojis attached to tickets and say, hey, it was so great to help you out today. And a lot of those, I'd say interpersonal connections that you might be missing in a remote only type of world and organization. And so bringing all those little tidbits back into, how to be a good person, how to be a good human and how to make sure that there's some personality involved with it. And it's not just this ongoing process. I think there's a little bit of give and take, but that's one other thing that we've surfaced is really just understanding a better picture of who's implementing all of these amazing things around the world. It's so important. There's so many different levers to pull here where becoming a security company is concerned. Where can folks go to, one, chase, get the survey? And two, some final thoughts. What, where can folks go to actually test out Jump Drive? Yeah, absolutely. Jump out, excuse me. So within everything that we talked about, some from various different technologies from identity management, advice management, SSO, MFA, and many, many more. So you can go to jumpcloud.com, create a free organization. It's free up to 10 users, 10 devices. So even for really small organizations, even if you're a startup, we can help leverage enterprise grade security technology for you to implement, as well as more detailed on the reports. And so if you want to get a better sense of kind of how we look at the world, types of information that we can bring back and making sure that you're learning from your peers and how to implement and put your best foot forward within the organization. We always have a ton of amazing resources and content that really looks at, you know, who's doing the work? Why are they doing the work? And how does that work impactful within multiple different organizations and not only just the organizations themselves, but those that are supporting it like managed service providers of the world. Got it, awesome. Chase, thank you so much for joining me on this episode of the AWS startup showcase. Talking to us about what JumpCloud has uncovered with respect to the concerns that SMEs have, how MSPs are helping, how JumpCloud is also a facilitator and really helping to organizations to become security organizations. We appreciate your time. Absolutely, thank you so much for having me again. Our pleasure. We want to thank you for watching. Keep it right here on theCUBE for more action. theCUBE is your leader in live tech coverage.