>>Hey everyone. Welcome to the cubes presentation of the AWS startup showcase. This is season two, episode four of our ongoing series that features exciting startups within the AWS ecosystem. This episode's theme, cybersecurity protect and detect against threats. I'm your host, Lisa Martin, and I'm pleased to welcome back. One of our alumni chase joins me the principal strategist at jump cloud chase. It's great to have you back on the >>Perfect Michael, thank you so much for having me again, >>Tell the audience just a little quick refresher on jump cloud, open directory platform. We just give them that little bit of context. >>You bet. So jump cloud provides an open directory platform and what we mean by that is we help manage all of your employees, identities, the devices that they operate on, and then all the access that they need in order to get their work done in a modern it environment. >>So from a target, a market segment perspective, this is really targeted at small medium enterprise SMEs managed security providers. MSPs, talk to me a little bit about that and some of the what's in it for me, for those folks. >>Yeah, absolutely. And when we are thinking about specifically within that market, so small, medium enterprises and the it, or the managed service providers that help support those organizations, there's a lot of different technologies that you use in order to make sure that you have a secure organization. And within that group specifically, there's a lot less of a luxury right of an enterprise budget or kind of all these different personnel that you might have available to you. And it's really kind of down to maybe one team or just a couple folks or just one person wearing a lot of different hats. And so we've designed the open directory platform to help accommodate for a lot of those different pieces where we're bringing in multiple different types of technologies from identity access management, device management and MDM, MFA access through single sign on all of those different pieces and more that help kind of come into one platform. >>So not only do you have all the technology there at your disposable, but also all the visibility and analytics of folks that are getting in and just trying to get their job done. But now all of those pieces are, are consolidated into one platform and it really helps support a lot of those organizations, right? And keep in mind, you know, small, medium businesses are the most common businesses, not everyone's coming in from an enterprise. And so here we're able to layer on levels of security and making sure that you have best practices, no matter what size you're operating in. >>So consolidating it management, securing employees, access to a variety of it. Resources is really kind of in a nutshell. >>Absolutely. And just making sure that you're combining that combination of securely accessing all the things that you need, but also making sure that from an end user perspective, it's really easy and you have all those things kind of built in from the get go. >>So how are SSEs and MSPs leveraging jump cloud right now? What are some of the outcomes that you are helping them to achieve? Anything stand out to you? >>I think there's a couple different areas that we help support organizations. One is you can think about just the whole employee life cycle. So when, when someone joins an organization from onboarding, you know, where does that identity come from? How can we make sure that they're productive, you know, effective human beings as they come into it, but then the whole life cycle, as they're accessing or changing resources within their role, all the way to the end, where they might be leaving the organization and we can securely off board that person. And so that whole flow that you might have from an organization standpoint is one aspect. Another area is as companies continue to grow, they might be going after, you know, maybe audits, level compliance, other pieces that might help them grow. And there's a lot of layers that you need to think about or different types of technologies and processes to have those certifications and credentials. >>And so we help support those organizations again, by consolidating all those different technologies into one spot. It makes it a lot easier for people to get up to par in how they think that their security standards should be set within an organization. And finally too, I'd say just ease of mind. There's a lot of pieces when you're thinking about, you know, where people might be coming in from how do I get visibility into all those different aspects? And when you have all that under one roof, it adds a lot of, I'd say, you know, less mental stress in terms of one, how all those technologies should be working together effectively, also securely, but then also making sure that you have time in the day to tackle big projects and let some of the, let's say, run rate security out of the way. >>Yeah. That's really important to be able to assign resources that are able to make the biggest impact across the organization, moving things off the plate that are not necessary or more mundane twice a year. I understand jump cloud does a survey with SMEs where you really are aimed at understanding kind of where they are in the market today, their concerns, trends, challenges, budgets. Then I saw you just published results from a survey in June of 2022. Talk to me a little bit about the demographics of the survey, who, who are you talking to within SMEs? And then we can kind of crack open some of those really interesting findings that came out this year. >>Yeah. So we love to get a pulse check of what's happening within the industry, but specifically within that small, medium size, if you will. And so for that survey that we ran, we talked to 400 different roles, kind of that touch it from security. So from vice president of the CCSO all the way down to it, admins and anyone else in between, and we're really looking at organizations that had about 500 employees or less, cuz there's a lot of information out there, especially from the enterprise of, you know, Hey, here's best practices. Here's all the things that you can do. But for smaller organizations, it's not as clear cut or you have less of an understanding of what your peers might be going through or kind of what their concerns are. And so when we're running that survey, that's one thing that we like to keep in mind is it's really meant for organizations at that size because there's, there's some commonalities that you start to see in suss out. >>And it's not to say that those aren't the same concerns that the enterprise folks have as well, because a lot of the things that will come out, you know, they are security based say, Hey, what's top of mind, or what's kind of keeping you up at night. There were some clear indicators and especially well from kind of, as we do this survey, you know, every six months or kind of even year over year, you start to see some trends that are emerging. And so a, a lot of the big ones are, you know, ransomware software, vulnerability and network security. Those are kind of the top three aspects when we're looking at, Hey, what are specifics that are keeping you up? And those are easy to say because ransomware is obviously in the news. Even this week, there are three different organizations just kind of pick out. >>So brussel who does dental manufacturing, they had ransomware in trust, which is another cybersecurity organization. They were breached. But then also Fremont county here in Colorado as a government organization, all three of those were hit by ransomware. And you might not say, Hey, there's, you know, they're all kind of random and they're not put together, but under the hood really it's a lot of the same different technologies that are powering, how people get access into things. Do they have the right levels of credentials? Are there conditions set within that type of access, especially if it's privilege. And so you start to consolidate and bubble down all those different things that can lead up to those concerns. And then even on the software vulnerability side, Mac release, two different vulnerabilities this week. And so now it quickly becomes, okay, great. How can I make sure that my employees are using not only a secure device, but a secure device, that's up to date because it's a dynamic field as all of these things coming through. >>And these are a lot of the gotchas that can keep, you know, small, medium enterprises up at night because if something happens a security event like that, it could be a, you know, a career ending event, but also a company ending event. When you think about that. And so that becomes a really high level of importance because no one wants to see their name in the news, but it also takes a lot of different steps in order to create the layers that are necessary in order to achieve, you know, really solid round stand on for organization to do that. And so that's where we like to come in and help and making sure that a lot of those layers are actually easier to implement than you thought. And it's not this huge project, but you're doing it in a way that's conscious and also not really getting the way of kind of battling users or making sure that their experience is a nightmare as well in order to achieve these goals that you have as an organization, >>You bring up ransomware, it's become a household term that I think probably every generation alive right now in some form or fashion understands what it is to a, to some degree it's now security threats in general. Now no longer if we get hit, it's a matter of one. You gave three great examples of SMEs that were hit recently and organizations. We wouldn't think really them everybody's vulnerable. You talked about the different, you know, some of the, the concerns, software, vulnerable vulnerability, exploits, the use of unsecured networks, people, and this is so common using the same password across applications that SSEs and enterprises too are dealing with. They have to be able to lean on MSPs, for example, in the SME space to say, help us with these obvious vulnerabilities, we need to make sure that our employees are productive. They're working together. We can onboard and offboard people in a secure way. How did this survey uncover how SMEs are leaning more on MSPs to help solve some of those risks that you've talked about? >>I think one of the more interesting trends that we've seen is just the ability and the ramp for organizations to lean on managed service providers. You saw a lot of this during kind of the, the beginning of the pandemic or kind of this really shift to remote work where people kind of have this mentality of, okay, it might be a cost center and, and will have, but it it's always felt this importance to making sure that people are on site. They understand their culture. They understand the, the ways that the organization works. However, now, a lot more organizations are stepping back and saying, well, if I can't see anyone in the office or if there's only half or maybe 10% that are showing up, you know, are there other economies of scale almost that I can get from leveraging a managed service provider bringing in other expertise, right? >>And so it might be valuable to say, Hey, it's not only just managing my organization, but five others. And so now you can start to see and kind of lean on best practices that they've evolved over time. And I think one of the more interesting stats is we see that, you know, almost nine out of 10 organizations that we surveyed are either leveraging an MSP or have considered it. And one of those things that's actually pulling them back or some organizations say, Hey, I've looked at it, but I'm not quite ready to commit to outsourcing this section of my organization that, or kind of bringing in someone to manage it fully alongside with me almost in a co-managed type of environment is a third of 'em say, Hey, I, I don't know how secure the MSPs are themselves. How do they think about their own internal practices? >>And what does that look like? Because again, you, you're thinking about handing over the crown jewels over to someone and say, Hey, here's some of our, our most vulnerable or critical assets that we need to have secured and, and making sure that that's part of the organization. And so it's a, it's an honest conversation that a lot of owners have with MSPs and say, look, are, are you up to snuff, right? Because if something happens, sure, I might have one person to go after, or you might have SLAs that I can, I can go. But it still means me as an organization has been targeted. What does that look like in our types of relationship? And so a lot of the partners that we have on the jump outside, it's a very common conversation that they have with our clients and saying, walking them through and say, Hey, here's our, our security plan. >>Here's how we approach that. Here's all the different tools that we have at, at our disposal that are working alongside jump cloud in order to make sure that not only do you have good posture, I'd say good areas where the organization is set up for success, where you're thinking about not sharing passwords or there's password complexity, or there's other technologies like single sign on that, help reduce that. But in addition to what type of network scanning do you have available? What type of antivirus do you leverage? What are all the other pieces that create that holistic security structure? And so sometimes it's a lot easier for MSPs to deliver that and package it up instead of having, you know, an overburdened it, admin said, great, this is another project that I have to go through and think about and look at pricing and kind of other those components, because it helps speed up. I'd say your time to being more secure. And that's a really real conversation for organizations as they think about planning, as they think about budgets and what impact that might have on organization, making sure that employees can get work done. But we're also thinking about in a very secure mindset within the organization. >>That's so critical as we talked about every or every organization of every size in every industry is vulnerable. There's just no weight getting around it. These days. You talked about an interesting stat, about 90% of the SME surveyed some written we're yes, we're relying on MSV, but we still worry about security. Talk to me from the jump cloud, AWS perspective. How do you help though? That's cause that's a big number, the 90% of SMEs that are still concerned about security, how do you help them dial that down? >>I think it's really understanding, you know, you mentioned AWS, so what are the critical access and what are those points that look like that we need to get a handle on? And how can we make that easier? Cause I think one of the pieces that will often come at and say, Hey, we really wanna make this approach work. We really wanna make sure that when you, when you wake up and you need to get into Q and a environments or, or production or whatever, that might be, that it's a seamless experience, but we as an organization have visibility into what's going on and Hey, if you're getting promoted or your role is changing, we wanna make sure that those attributes or kind of those pieces that are associated to you and your identity are changing with it. And so making sure that there's this dynamic motion available to folks, as they start thinking about, you know, where a majority of their IP lives, it's no longer in some server closet and yes, it might still be on a, on a manufacturing floor, but it's those components that become the most critical for organizations you've heard, I'd say, you know, certainly within the last five years and probably even goes further back where a lot of traditional organizations say, Hey, we're a software company now we're, you know, kind of insert for innovation, making sure we can do that. >>And I think a lot of organizations are still going through that transition, but right behind it and what's coming next. And certainly a lot of organizations start to say, not only are we a software company, but we're a security company. And with that, that comes the mindset. Not only of here's how we tactically get into the things that we need to do our job, but the why behind it. And I think that's one of the elements that might be missing or is certainly one of, I know that we have a lie attainment kind of take that approach of, yes, we're gonna be implementing, we need to have your device passion updated because there's vulnerabilities. But for everyone else kind of on the end user side, it's like, well, okay, well why, why do we need to do that? And so by having that security first type of mentality, that allows everyone to be on the same page, play on the same team and making sure that when, you know, those requests are coming in both back and forth between end users and its security team, anyone else that might be involved within that process, you all understand that say, Hey, it's not, you know, it, it's not my job. >>It's everyone's job, right? We're all in this together because that's some of the parts where it can start to fall down too. You might have a team that has the best practices and in, you know, in intentions, but if the implementation and the follow through isn't bought in from everyone, then you're also playing against the speed of the organization to adopt it. And that's really the timeline that you're battling, especially when you're thinking about ransomware or someone who already might be in it is how can we help mitigate a lot of those different pieces. So by combining all those different elements into a thought process, into a mentality of being a security first organization, that's really kind of helps within the ripple effect all the way down into, you know, the critical resources like AWS. >>It has to be a holistic view. There's really no other choice these days. And it also has to be done in a timely fashion. What did, as we wrap up kind of talking about the survey here, what were some of the trends, the future trends it uncovered as we are still in a remote and distributed work environment. It probably always will be. We've seen challenges and everyone's mental health in terms of, of strapped resources. What did the survey uncover as to what these folks saw as future trends? >>So I'd say there's a, there's a couple, there there's a lot, but we'll break it down and say, I'd say three core trends that you saw across every organization that we talked to, including our own base of over 180,000 organizations that rely on gem cloud is, Hey, security is number one, right? And we we've talked to that about at length device management is another extension of that. I'm sorry, making sure that, Hey, this is the only piece of hardware I have from the company in front of me. I wanna make sure that I can manage secure it, make sure it's patched as well as we kind of operate in this dynamic and environment, making sure that we're resilient as an organization. And then I'd say finally, as those pieces start to evolve, there's still some organizations that are how trying to understand kind of truly manage what does hybrid and remote and kind of what does that look like for me as an organization? >>Cause I think we're now out of this panic mode and now organizations are now setting up. Okay, what are some of the long term structures as I think about that, and you hear a lot about too, from other organizations that are mandating folks to come back or okay. Maybe it's just a couple days a week or all of those decisions have impacts on the it organization. So that is very alive and well, I'd say one of the other pieces you mentioned mental health is that we are starting to understand a little bit more, you know, kind of who's behind the computer. Who's, who's behind the keyboard. What does the impact have for them? Because in this type of work environment as well, you know, it's still challenging to find really good talent. And so you might be strapped for resources. You might be the only person that's trying to implement these processes or the security protocol, or trying to help get us up into a good compliance posture, all of those different pieces kind of on it. >>And so you can start to think about man, how do I, how do I make progress? And I think that's one of the other pieces that is really important for folks kind of from that perspective is, you know, always understand that you're making progress, even though the, the tickets might be coming at you and you, there's never ending in sight. All those steps that you take for an organization are critically important. And so, and it's not always just a people answer cuz you might, might not be in the position to say, Hey, we need an extra five hands on this in order to make it done. It might have to be more of a conversation of, Hey, here are the pieces that we need to automate. Here are the business processes that we really need to think about in order to have a fundamental impact on what we can do. >>And then you can come back and say, great. And if we have this, it might actually look like one and a half people. You can't really hire a half person, but you come into those types of mentality with a really solid argument of here's what we need to have in order to make this happen. And I think too, getting that type of buy-in again, making sure, Hey, we are a security company after all, we're all in this together that allows everyone to kind of help pitch in because if you don't have that piece, then you know, everything can feel much more burdensome, right? And the level of burnout increases the, the level of mental health in general, across the teams that are acting as supporting functions for an organization, start to get burnout. And it might not always be as Hey, as important as, as revenue or Hey, we're getting this marketing campaign out, but it's this underwriting thing in terms of really, truly important infrastructure that the company needs to think about. >>And when you can involve all of those different pieces, then people feel like they can make a positive impact. They feel more empowered. They have, you know, emojis attached to tickets and say, Hey, it was so great to help you out today. And a lot of those I'd say interpersonal connections that you might be missing in a remote only type of world in organization. And so bringing all those little tidbits back into, you know, how to, how to be a good person, how to be a good human and how to make sure that there's some personality involved with it. And it's not just this ongoing process. I think there's a little bit of give and take, but that's one other thing that we've surfaced is really just understanding a better picture of who's implementing all these amazing things around the world. >>That's so important. There's so many different levers to the pull here where becoming a security company is concerned. Where can folks go to one chase, get the surveying two, some final thoughts. What, where can folks go to actually test out jump drive? >>Yeah, absolutely >>Jump out. Excuse me. >>So within everything that we talked about, some from various different technologies from identity management, device management, SSO, MFA, and many, many more. So you can go to jumpcloud.com, create a free organization. It's free up to 10 users, 10 devices. So even for really small organizations, even if you're a startup, we can help leverage enterprise grade security technology for you to implement as well as more detailed on the reports. And so if you wanna get a better sense of kind of how we look at the world types of information that we can bring back and making sure that you're learning from your peers and how to implement and put your best foot forward within the organization, we always have a ton of amazing resources and content that really looks at, you know, who's doing the work. Why are they doing the work? And how is that work impactful within multiple different organizations and not only just the organizations themselves, but those that are supporting it like managed service providers of the world. >>Got it. Awesome. Chase. Thank you so much for joining me on this episode of the AWS startup showcase, talking to us about what jump cloud is uncovered with respect to the concerns that SMEs have, how MSPs are helping, how jump cloud is also a facilitator of really helping to organizations to become security organizations. We appreciate your time. >>Absolutely. Thank you so much for having me again. >>Our pleasure. We wanna you for watching. Keep it right here on the, for more action. The, is your leader in live coverage?