Challenging the traditional boundaries between IAM and UEM

It’s always refreshing to engage with vendors who aren’t bound by the rigid category definitions that large analyst firms often impose on the market. At Freeform Dynamics, our view is that it’s better to focus on business priorities and desired outcomes, then scope discussions and investments around what you’re actually trying to achieve. That’s why our recent briefing with JumpCloud was so interesting.

JumpCloud is a cloud-based directory platform that unifies identity and access management (IAM) and unified endpoint management (UEM) capabilities. While these have traditionally been seen as separate domains, JumpCloud recognises that for their core mid-market customers, the lines have always been somewhat blurred. 

We concur with this assessment, as we ourselves consistently find that IT professionals in smaller organisations often wear multiple hats, managing everything from user onboarding and application access to device provisioning and security policies, and potentially lots of other things that go well beyond these areas. They don’t have the luxury of specialist teams with dedicated tools.

By combining IAM and UEM in a single platform, JumpCloud aims to simplify life for these resource-constrained IT departments. Admins can use one console to manage user identities, configure and secure devices, and define granular access policies based on user, device, and contextual attributes. This integrated approach enables key use cases like:

  • Automated onboarding and offboarding workflows that span both identity and device lifecycle management
  • Extending conditional access policies to enforce device health and compliance as well as user authentication in a heterogeneous landscape 
  • Streamlining access request and approval processes with a unified policy engine

Under the hood, JumpCloud is building innovative features at the intersection of identity and device security. Its passwordless “JumpCloud Go™” solution binds user credentials to specific devices for more seamless and secure authentication. Dynamic user groups can be defined based on any combination of user attributes, device properties, and directory data, enabling highly targeted policy assignment and provisioning.

While JumpCloud isn’t the only vendor exploring this IAM-UEM convergence, they are one of the first to explicitly target mid-market customers with an integrated platform built from the ground up that isn’t part of a sprawling suite. 

It’s an approach that might challenge existing mindsets and solution categories in the large enterprise space, but for smaller organisations it can actually feel a lot more natural, even a bit of a relief. If Goldilocks worked as an IT manager in a mid-sized company, she would almost certainly approve of the functional scope – not too big, not too small – just right!

Towards the end of the briefing, we asked the JumpCloud guys what they would highlight as the three biggest imperatives for mid-market IT leaders, and this is what they came up with:

  1. Eliminate passwords in favour of more secure, user-friendly authentication methods. Passwordless solutions are now accessible for smaller organisations, not just enterprises.
  2. Unify identity and device management to reduce complexity and improve security posture, especially with remote and hybrid work becoming the norm. IAM and UEM are converging – fighting or ignoring that trend will make life progressively harder.
  3. Embrace modern cloud directory platforms to support this convergence. Adopting standards like SAML and SCIM, and securing access on the principle of least privilege, doesn’t have to involve multi-year migration projects.

Again, we found ourselves agreeing. Picking up on that last point, if you work in IT in a smaller business environment, it’s certainly worth exploring the latest options. The state of the art, or ‘art-of-the-possible’ as our own Tony Lock calls it, has moved on a lot in recent years. When it comes to IAM and UEM, it’s easy to miss how far your approach and your tooling may have fallen behind the way the application, service and device mix has been changing, let alone user behaviour and the overall threat landscape.

