
IT Necessities for a Distributed World
Building a Modern IT Infrastructure for Hybrid-Remote Work

Ryan Bacon and Kim Crawley with Kate Lake

Beijing Boston Farnham Sebastopol Tokyo


IT Necessities for a Distributed World
by Ryan Bacon and Kim Crawley with Kate Lake
Copyright © 2022 O’Reilly Media. All rights reserved.
Printed in the United States of America.
Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA
95472.
O’Reilly books may be purchased for educational, business, or sales promotional use.
Online editions are also available for most titles (http://oreilly.com). For more
information, contact our corporate/institutional sales department: 800-998-9938 or
corporate@oreilly.com.

Acquisitions Editor: Mary Preap
Development Editor: Jill Leonard
Production Editor: Caitlin Ghegan
Copyeditor: nSight, Inc.
Proofreader: Amnet Systems, LLC.
Interior Designer: David Futato
Cover Designer: Karen Montgomery
Illustrator: Kate Dullea

November 2021: First Edition

Revision History for the First Edition


2021-11-16: First Release

The O’Reilly logo is a registered trademark of O’Reilly Media, Inc. IT Necessities for
a Distributed World, the cover image, and related trade dress are trademarks of
O’Reilly Media, Inc.
The views expressed in this work are those of the author(s) and do not represent the
publisher’s views. While the publisher and the authors have used good faith efforts
to ensure that the information and instructions contained in this work are accurate,
the publisher and the authors disclaim all responsibility for errors or omissions,
including without limitation responsibility for damages resulting from the use of or
reliance on this work. Use of the information and instructions contained in this
work is at your own risk. If any code samples or other technology this work contains
or describes is subject to open source licenses or the intellectual property rights of
others, it is your responsibility to ensure that your use thereof complies with such
licenses and/or rights.
This work is part of a collaboration between O’Reilly and JumpCloud. See our
statement of editorial independence.

978-1-098-11212-7
Table of Contents

Introduction

1. The Modern Business Landscape
   How the Pandemic Changed Work as We Know It
   Implications for IT Teams
   Remote Work Permanence

2. The Building Blocks of a Modern IT Infrastructure
   Guiding Principles for a Distributed Infrastructure

3. The Directory
   Directory Protocols and APIs
   Recommended Directory Functionality for Distributed Environments
   Directory Options
   Factors to Consider

4. Security Best Practices
   Zero Trust Security
   Establishing Zero Trust in a Distributed Environment
   Segmentation
   Encryption
   Testing
   Redundancy
   Reporting and Review
   Employee Training

5. Implementing Solutions
   Optimizing Budget and Resources
   Making the Case to Leadership
   Closing Thoughts

Introduction

Where were you when the world went remote?


Most people in the working world remember this moment vividly.
The rush to shift into remote work mode was almost universally
chaotic in the spring of 2020, and those of us in IT faced an
extra set of challenges: how can you reconfigure your entire IT
infrastructure environment to support a decentralized workforce?
Got the answer? Great. You have eight hours to make it work.

That’s how it went for many businesses that had to throw together a
short-term remote solution without the luxury of allowing for
extended downtime to make it happen.

Others were too limited in resources, expertise, and existing
processes to make the immediate switch, and they remained on
premises. Many of these businesses experienced significant hardship
as a result of their inability to go remote.

The resulting business landscape now includes many businesses
operating on hastily thrown-together infrastructures and others still
working to move to a remote model. And while many of us thought
that remote work was a temporary solution to an immediate problem
that would soon blow over, the severity of the pandemic and the
benefits of remote work have caused the distributed workforce to
form more permanent roots.

Now, distributed environments are firmly embedded within the
modern business world, establishing a foundation for flexible,
scalable businesses and happy and productive employees. In fact, hybrid
and remote models are no longer a nice-to-have but rather a
business necessity.

However, distributed infrastructure models, which power remote
and hybrid-remote work, are distinctly different from traditional
business models. They require the right configurations, tools,
security, and processes to succeed. IT professionals need to pivot to
meet these new needs.

This report is intended for cloud-based or partially cloud-based
organizations—particularly small and medium-sized enterprises
(SMEs) working with lean teams and tight budgets—looking to
build or mature their distributed infrastructure. For those that went
remote in 2020, it’s time to reconfigure your temporary remote
solutions to more mature, long-standing ones; for new businesses
looking to pivot to remote work or build from the ground up, take your
clean slate as an opportunity to build strategically, holistically, and
purposefully.

This report will give you the building blocks, tools, best practices,
and implementation insights you’ll need to build a successful,
secure, and future-proof distributed IT infrastructure.

CHAPTER 1
The Modern Business Landscape

How the Pandemic Changed Work as We Know It

From the time computers were first introduced as business tools
until the early 2000s, the operational norm was to host all
networking infrastructure on company premises. In addition to on-premises
equipment, companies purchased hardware-based tools and
applications rather than using subscription-based services. This required
everyone to work in close physical proximity to the IT resources
they needed, tethered by a LAN, local WAN, or bandwidth-eating
VPN and accessing resources from on-premises servers and devices.

The advent of cloud computing and software as a service (SaaS)
challenged these norms and created the possibility of a distributed
world. However, the initial shift toward distributed environments
was gradual and fraught with new challenges.

While the cloud and SaaS offered companies the ability to broaden
resource and workplace accessibility, they also introduced new IT
complexities and security risks. IT professionals needed to approach
this technology carefully and intentionally to succeed with it. In the
years following the introduction of cloud and SaaS into the business
world, that’s what we saw: a slow progression toward a distributed
environment.

The coronavirus pandemic catalyzed this migration, and human
needs became the driving force behind the fast adoption of a
distributed world. SaaS and cloud technology were the key
supporting forces that facilitated the shift. Now, employee and employer
benefits indicate that the shift is positioned to become permanent.

Implications for IT Teams


This new distributed world has significant implications for the
IT-to-end-user relationship as well as for infrastructure and technology;
these implications call for IT teams to change how they operate and
pivot to emerging solutions to meet these needs.

The IT/End-User Relationship


Just as companies used to operate fully on-premises, IT teams
almost always operated in person before the pandemic. The business
standard was that IT personnel were in the office or close enough to
make an in-person visit upon request. When the world went remote,
IT teams needed to figure out how to pivot their operations to
continue serving their organization remotely.

The shift to remote had a ripple effect into many areas that created
additional challenges for IT:

Increased demand from users
  In a new, less regulated environment, more users need help, and
  more frequently. The variety and complexity of their requests
  also increased: users need help with everything from
  troubleshooting their WiFi connections to network hardware and
  configuration recommendations.

  Despite some of these requests falling outside IT’s scope,
  allowing them to go unaddressed is ultimately a risk to the business’s
  bottom line. Thus, IT must handle higher demand while
  expanding their breadth of expertise and service.

Decreased IT efficiency
  Like many other departments, many IT teams saw their efficiency
  drop when they first went remote. Each request took more time
  to complete than it did in person because they didn’t have the
  tools or processes to address them remotely, and IT employees
  faced a higher volume of more difficult tasks. IT teams need to
  adopt technology and practices that offset this productivity
  drop.



Infrastructure and Technology
When the workplace became distributed, IT needed to find a way to
connect employees to the resources they needed, regardless of where
they were working from. Access needed to be seamless, secure, and
robust, extending to all the resources employees needed to be as
productive as they were in the office.

This new level of accessibility called for changes to IT technology
and infrastructure, namely:

Higher volume and complexity of application integration and automation
  IT teams shifting to distributed environments face a steep
  learning curve in both the depth and breadth of integration and
  automation required to power resource access. SAML (Security
  Assertion Markup Language) and SCIM (System for Cross-domain
  Identity Management) are key protocols in facilitating
  remote access. IT professionals need to know these inside and
  out to function within a distributed infrastructure.

Prioritized user experience
  Technology needs to be accessible and user-friendly to both
  users and admins to empower the IT team and enable employees;
  otherwise, IT risks facing an ever stronger deluge of help
  desk tickets due to poor and confusing user experiences. In
  general, IT teams need to power end-user autonomy with
  self-service resources.

Emerging Solutions
IT teams have been innovating and working quickly to find ways to
accommodate their newly distributed environments. While
increasing headcount is sometimes part of the solution, SMEs are often
working under more restrictive budgets. As such, some of the
budget-friendly solutions that help address the challenges I outlined
above include:

Integration and automation
  Although integration and automation are necessary to power
  resource access, IT teams have found that they are also the
  secret to success in improving efficiency and revitalizing the
  IT/end-user relationship.

  Some of the most critical instances of automation solving IT
  challenges include zero-touch deployment, just-in-time
  provisioning, and automatic deprovisioning, which I’ll detail further
  in Chapters 4 and 5.

Employee self-service
  In addition to this emerging technology, companies are turning
  to end users as solutions to growing issues through self-service.
  Now that employees are working unsupervised, IT teams are
  entrusting them with more basic IT functionality. Setting up
  one’s computer, for example, can be a self-guided exercise that
  only involves IT when someone runs into an issue. Self-guided
  application setups, troubleshooting documentation, and other
  self-service resources can help reduce the burden on IT.

  Creating these resources and empowering employee
  autonomy require good process documentation and
  communication, which rely on a strong internal grasp
  of processes. Self-service documentation should also
  be updated regularly to avoid users needing IT help to
  address outdated instructions.

Identity-driven policies
  With individuals trying to access resources from different
  locations and devices, IT needed to shift from IP- and
  perimeter-based security to identity-driven security. Policies that govern
  users with role-based permissions facilitate access to distributed
  resources and streamline the user experience. They also
  automate provisioning, authentication, and authorization, relieving
  IT of some of the burden of onboarding, tool-based permission
  configuration, and password lockout issues.

Unified, proactive telemetry systems
  In a distributed environment, successful security requires both
  insights and proactive prevention that can accommodate the
  distributed infrastructure. Ideally, these insights should be
  administered across a unified network to provide thorough
  reporting on the people, devices, and activity across the
  distributed network. Further, proactive threat detection and
  intelligent activity reporting help prevent threats and alert IT teams to
  suspicious activity.

Cloud directory services
  The key to achieving unified operations and insights is a cloud
  directory. While there are many cloud directory options
  available (detailed in Chapter 3), robust directories can manage
  identities, devices, networks, and access to cloud and on-prem
  resources (among many other functions). This breadth of
  service is well-suited to a distributed infrastructure due to its wide
  reach and ability to connect users to many different types of
  resources. Further, some cloud directory services include robust
  telemetry, which can help optimize costs.

Remote Work Permanence


Because employees were the driving force behind the shift to remote
work, the benefits and satisfaction they enjoyed after doing so are
clear indicators that remote work is becoming a permanent solution.
A Global Workplace Analytics study found that employees working
from home half of the time saved an average of $600–$6,000 per
year on personal expenses related to working outside the home, such
as the costs of commuting, parking, and food. Many studies have
been published that demonstrate most workers also prefer remote
work: 30% of the US workforce would not consider applying to a job
without remote options, and 70% would take pay or benefits cuts to
preserve their ability to work remotely. This sentiment is especially
strong in the IT industry. While opinions can fluctuate over time, as
of a 2021 study by Terminal, 83% of software engineers prefer
remote work the majority of the time.

On the business side, distributed workforces enable you to hire from
anywhere around the world, significantly widening the talent pool.
In addition, remote workforces offer higher productivity, lower
absenteeism and turnover, and savings on in-office space and
overhead. The same Global Workplace Analytics study estimated that
these benefits amounted to $11,000 of annual savings per
hybrid-remote employee working from home 2.5 days per week.

In addition, the cloud’s explosive growth is an indicator that the
business world is ready to support permanent remote work. The
global IaaS market produced about US $12 billion in revenue in
2010 and is now expected to exceed US $623 billion in revenue in
2025, demonstrating a tremendous explosion in cloud adoption.
Additionally, O’Reilly’s research from 2020 found that more than
88% of organizations use cloud services to some extent or another,
and most respondents expected their cloud usage to grow in the
next year. Further, in August of 2021, JumpCloud surveyed over 500
SMEs on their remote work plans in the face of the COVID-19 Delta
variant and found that 70% of companies have extended their
remote policies indefinitely, as shown in Figure 1-1.

Figure 1-1. A recent JumpCloud survey of over 500 SMEs suggests that
remote work is becoming a permanent business reality.

The sooner you embrace cloud services to support your distributed
workforces, the better prepared you will be for possible future
disruptions and changing workforce needs.



CHAPTER 2
The Building Blocks of a Modern IT Infrastructure

Guiding Principles for a Distributed Infrastructure

Remote work is not without its challenges, and the failure to build
or pivot to a distributed infrastructure effectively can have serious
ramifications, from creating unnecessary bottlenecks to exposing
your organization to a security breach that could have been
prevented. To optimize your resources and implement a distributed
infrastructure successfully, consider the following five guiding principles.
They will help you protect your business, optimize efficiency, ease
growing pains, and keep initiatives aligned with overarching
business goals as you adapt to a distributed world.

1. Approach Your Distributed Environment Strategically


Because a distributed IT infrastructure contains many moving parts
that need to work together seamlessly, it is most successful
when planned strategically from the outset. However, the need for
quick solutions and the ease of getting small initiatives approved
over big overhauls make it easy to fall into planning as you go. Keep
strategy in mind as you design and optimize your distributed
environment.

Further, fight the urge to approach your distributed environment
piece by piece. Maintaining a holistic view of your infrastructure
will ensure your IT decisions move your organization closer to its
goals. It will also prevent a piecemeal approach that can fracture a
distributed infrastructure with unoptimized integrations, deviating
data, and multiple sources of truth.

Best practice: early consultation with stakeholders
  When planning, engage stakeholders across the organization in
  initial conversations to account for the diverse needs of all
  teams. This will not only save time and possibly money later,
  but it can also prevent team member frustration if they feel their
  needs weren’t considered.

Best practice: plan up front
  It’s tempting to roll up your sleeves and dive straight into
  purchasing software and implementing processes. However,
  thinking about the needs of your business today and strategically
  selecting partners who will help your enterprise scale tomorrow
  will save you time later.

2. Put Security First


In the modern business environment, security requires more than
just firewalls and antivirus software; it encompasses everything from
physical security (for office spaces, devices, and assets) to network
and endpoint security, and everything in between. As the traditional
perimeter model of security loses its effectiveness, strategic and
robust security becomes critical.

Chapter 4 details security best practices for a distributed
environment, but at a high level, remember to keep security strategic and
prioritize it in every IT initiative. If you can imagine a way your
technology could be exploited, hackers can too.

Best practice: start with Zero Trust
  Start with a strong foundation of Zero Trust. Perimeter-based
  security is no longer viable in distributed environments, making
  the switch to Zero Trust a critical initial step.

3. Prioritize Resource Access


Distributed environments can hinder resource access when not set
up correctly. However, remote and hybrid-remote environments
should never hinder an employee’s productivity; employees should
be able to access the resources they need to do their work wherever
they are.

Best practice: integrate and automate
  Integration and automation are key to facilitating easy resource
  access for users. Ideally, these should be facilitated through a
  directory service that manages user access to all the resources
  employees need to do their work—and sometimes much more.
  I’ll dive into the possibilities of the directory in Chapter 3.

4. Maintain Full Visibility


You should always be able to see all the traffic on your network,
from core infrastructure to endpoint, at both a bird’s eye view and
granular level. Maintaining full visibility can be more difficult on a
distributed network, which makes it all the more necessary to
prioritize and invest in the proper visibility tools.

Best practice: directory-driven insights
  Invest in a directory that can centralize the resources in your
  distributed infrastructure and deliver clear, robust, and unified
  insights. This facilitates effective monitoring and close analysis.

5. Future-Proof with Flexibility and Scalability


As many companies don’t have their long-term growth mapped out
to a granular degree, your IT plan and technology should be able to
pivot quickly and grow as the company does. Cloud-based solutions
foster flexibility and scalability more easily than on-premises
solutions by eliminating the long-term commitments of hardware
ownership and allowing for quick changes through subscription-based
services.

Best practice: scale teams with automation
  Your people, as well as your technology, need to be flexible and
  scalable in a distributed environment. Implement automated
  onboarding and offboarding to help teams scale.

Best practice: keep your team flexible
  IT teams adopting a distributed infrastructure will need to
  master new skill sets, adopt new processes, and re-allocate certain
  activities to employee self-service and automation. While these
  actions will set you up for success in the current business
  environment, remember that you and your team will likely need
  to adapt again as solutions evolve. Encourage your team to stay
  up-to-date on current trends, invest in ongoing training and
  certifications, and instill a culture that embraces change.



CHAPTER 3
The Directory

Because distributed workforces fully rely on the ability to connect
remote, mobile, and in-office users with the resources they need, a
directory system that can accomplish this is one of the most critical
elements of your cloud-based IT infrastructure.

At its core, a directory is essentially a database that stores
information about users and connects them to resources. Some directory
services remain fairly true to this format while others have expanded
to include robust functionality that helps unify distributed
environments. Companies more frequently choose the latter option because
it’s the more robust solution that can centralize user management
and connect users to their resources from wherever they are. The
alternative is to invest in several separate solutions and attempt to
integrate them all seamlessly to achieve the same result.

To find the right directory solution for your organization, it’s
important to understand the different types of directory solutions on the
market and the functionalities they may offer. Because directories
have such a wide range of capabilities, I’ll outline some of the main
protocols, APIs, and functionalities in this chapter to help you weigh
your options. I will also cover common directory solutions many
companies choose and key factors to consider when making your
decision.

Directory Protocols and APIs
While some directory implementations use only one protocol,
others use a combination of many protocols and APIs to broaden the
directory’s scope. When weighing directory solutions, consider the
protocols each one uses to determine which resources will be
compatible and whether they can accomplish your goals:

SAML
  SAML (Security Assertion Markup Language) is one of the most
  common and important protocols in a distributed environment.
  It uses Extensible Markup Language (XML) certificates to
  authenticate users to an application through an identity
  provider (IdP) as shown in Figure 3-1.

  Directories use this protocol to authenticate users to web-based
  resources, and one of its benefits is that it can relay more than
  basic authentication information. It can also pass along
  information like user attributes and group membership to help the
  client authorize appropriate access. This helps transmit the
  organization’s identity-driven policies to more resources on the
  network.

Figure 3-1. The SAML protocol is one of the most critical to powering
a distributed environment. It authenticates users to applications
through an IdP in six steps.



SCIM
  SCIM (System for Cross-domain Identity Management) is
  another critical protocol for supporting a distributed
  infrastructure. SCIM is an API-driven protocol for identity management
  in cloud applications. It facilitates user provisioning and
  management, streamlining onboarding and improving the user
  experience.

LDAP
  LDAP (Lightweight Directory Access Protocol) has powered
  directories since the early ’90s. While it was once the gold
  standard for directories, it is now one of many protocols most
  directories use to connect users to their resources. LDAP is available
  on cloud servers as well as on hosted ones, and can connect
  users to resources such as:
  • Technical applications
  • Server infrastructure
  • File servers
  • Networking equipment

RADIUS
  RADIUS (Remote Authentication Dial-In User Service)
  provides authentication, authorization, and accounting (AAA) for
  users accessing a network service. As its name suggests,
  RADIUS was originally developed in dial-up internet days;
  however, like LDAP, it has adapted to meet evolving needs.
  Now, RADIUS can authenticate users to WiFi, VPNs, and other
  network services. This is a more secure solution than WPA2
  shared keys, as it eliminates the need for a shared password and
  can use EAP-TTLS-PAP password encryption or EAP-TLS for
  passwordless, certificate-based authentication.

Kerberos
  Kerberos is a network authentication protocol that uses secret
  key cryptography. The protocol uses time-based/renewable/
  expiring tickets, which transmit third-party-generated
  encryption keys to both the client and server for authentication.
  Kerberos is used extensively in Microsoft products, like Windows
  and Active Directory. Because organizations are moving toward
  cloud-based directories, Kerberos has dropped in popularity.


OAuth
  OAuth facilitates secure delegated access from one web server to
  another. It is helpful when coordinating activity between two
  unrelated web servers that both require authentication before
  authorization. For example, OAuth can be used to bind two
  unrelated web-based directories together. OAuth’s ability to
  delegate access also makes it another helpful protocol for single
  sign-on (SSO) functionality. OAuth 2.0 is the most current and
  standard version.

WebAuthn
  WebAuthn is an open API that facilitates passwordless
  authentication for web applications. As the official standard for
  web-based passwordless authentication, WebAuthn uses public-key
  cryptography to authenticate via registered devices, security
  keys, biometric data, and other nonpassword factors.
  Directories that include WebAuthn can replace the traditional
  username/password login process with a more secure and
  user-friendly authentication process in WebAuthn-compatible web
  applications.

Recommended Directory Functionality for Distributed Environments

Identity Management
Identity-driven policies are the crux of a functional distributed
workplace; thus, identity management is a critical element of the
modern directory:

IAM
  When a directory service offers identity and access
  management (IAM), it doesn’t just store identity information; it also
  connects identity information with access information. The
  result is a more robust solution that can store and apply
  information about a user’s access privileges, authentication and
  authorization data, and more. The directory’s IAM should act as
  a single source of truth across resources on the distributed
  network.



User lifecycle management
  User lifecycle management includes provisioning, managing,
  and deprovisioning a user’s identity and resources. Robust user
  lifecycle management should be able to track all of a user’s
  resources—whether on premises or in the cloud—throughout
  the user’s tenure at the organization.

Device Management
Remote and distributed environments tend to take on more devices
that are subject to less regulation. Mobile device management
(MDM) is a baseline must for managing these devices; however, we
recommend a directory solution that combines IAM and MDM.
This combination, called unified endpoint management (UEM),
connects information about users and devices, assigning users to
specific devices and allowing administrators to manage devices as
well as identities.

UEM powers capabilities like setting device rules and configurations
based on user roles and permissions, tying multi-factor
authentication (MFA) and conditional access policies to users’ assigned
devices, and remotely onboarding users and setting up their devices. In a
distributed environment, directory-driven UEM helps maintain
unified management, delivers more intelligent insights, and allows
for more granular identity-driven policies.

Network/VPN Management
Some directory solutions include network and VPN authentication
and management protocols, like RADIUS. This allows
administrators to manage network security and to include networks and VPNs
in conditional access policies.

MFA
Some directory services now offer MFA on top of their access
management services. MFA allows the directory to layer the
authentication process with multiple factors for added security. MFA is a key
element of Zero Trust, which is a highly recommended security best
practice for distributed environments. MFA and Zero Trust are
detailed further in Chapter 4.



SSO
SSO as part of a directory service facilitates a user’s secure
authentication to all their resources with one set of credentials by using
various authentication protocols (SAML and SCIM are common ones)
for different resources. SSO within a directory service works best
when the directory service is robust; if the directory can point the
user to all the tools they need, then SSO can do the same, gating all
resources behind one user-facing login action.

Reporting
Because unified, proactive telemetry is a necessity in distributed IT
environments, it is best delivered by the directory, which should act
as your organization’s core unifying solution. Insights should be
deep yet easy to use to help administrators keep a close handle on all
activity. The right reporting in a robust directory can help IT
administrators manage everything from security to budgeting: they
can receive flags for security concerns, take deep dives into activity
trends, and find opportunities to lower licensing costs by identifying
tools that are paid for but underused, for instance.

Automation
As previously mentioned, automation is one of the pillars of
supporting distributed environments. While not all directories offer
robust automation, some can automate almost everything, from
security alerts to account provisioning to data exports. Directories
that include automation significantly reduce the burden of ongoing
maintenance and management, facilitate scalability, and optimize
resources:

JIT provisioning
  Just-in-time (JIT) provisioning is a SAML-based process that
  triggers automatic account creation the first time a user accesses
  a site. This process reduces onboarding time on the IT side and
  streamlines the user experience. Directories that enable JIT
  provisioning often roll it into their SSO store, resulting in a process
  where new users never have to create accounts or remember
  automatically assigned account login information.


Onboarding
Automation is critical to facilitating onboarding and offboarding
in remote environments. While the traditional
onboarding method of physically setting up devices and
accounts may be feasible for one new user, it quickly becomes
unmanageable if you need to onboard several people at a time—
especially when doing so remotely. Automation drastically
reduces the amount of time it takes to onboard each new
employee, enabling smooth growth and a better experience for
the IT admin and the user.
Offboarding
Manual offboarding is significantly more time-consuming and
labor-intensive than manual onboarding. Additionally, leaving
resources allocated to users who have left the organization is a
common mistake but a severe security risk. These factors make
automated offboarding one of the most important functions a
directory can offer to a remote or hybrid-remote organization.
In addition to the security and efficiency benefits, automated
offboarding with an IAM-driven directory helps ensure deprovisioning
goes smoothly—especially when revoking access from
critical accounts, like admin users.
Zero-touch deployment
Zero-touch deployment is essentially the de facto solution to
fully remote onboarding. It allows IT administrators to
remotely preconfigure systems, eliminating the steps of shipping
devices to the IT admin or having them come in to configure
the devices and then reshipping them to the end user. With
automated onboarding and zero-touch deployment, the majority
of the onboarding process happens without human intervention.
This is key to supporting a scalable distributed model.
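
The offboarding risk described above (accounts left enabled after their owner has left, admin accounts most of all) can be checked by reconciling an HR roster against a directory export. The following is an added example, not code from this report or from any directory product; the `Account` fields, employee IDs, and sample records are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Account:
    username: str
    owner_id: str   # employee ID the account is bound to
    resource: str   # system or application that holds the account
    is_admin: bool
    enabled: bool


# Constructed sample data: an HR roster and a directory account export.
ACTIVE_EMPLOYEES = {"e1001", "e1003"}
DEPARTED = {"e1002": date(2021, 9, 30), "e1007": date(2021, 10, 15)}
ACCOUNTS = [
    Account("asmith", "e1001", "mail", False, True),
    Account("bjones", "e1002", "mail", False, False),  # already disabled
    Account("bjones-adm", "e1002", "cloud-console", True, True),
    Account("cwu", "e1007", "file-share", False, True),
    Account("svc-report", "e9999", "reporting", False, True),  # no HR record
    Account("dlee", "e1003", "cloud-console", True, True),
]


def audit_offboarding(accounts, active, departed, today):
    """Return enabled accounts that should no longer exist, worst first."""
    findings = []
    for acct in accounts:
        if not acct.enabled:
            continue  # disabled accounts cannot be used to sign in
        if acct.owner_id in departed:
            reason = "owner departed"
            days_exposed = (today - departed[acct.owner_id]).days
        elif acct.owner_id not in active:
            reason = "no known owner"
            days_exposed = None  # no departure date to measure from
        else:
            continue  # owner is a current employee
        findings.append({
            "username": acct.username,
            "resource": acct.resource,
            "is_admin": acct.is_admin,
            "reason": reason,
            "days_exposed": days_exposed,
        })
    # Admin accounts first, then the longest-exposed accounts.
    findings.sort(key=lambda f: (not f["is_admin"],
                                 -(f["days_exposed"] or 0),
                                 f["username"]))
    return findings


if __name__ == "__main__":
    for f in audit_offboarding(ACCOUNTS, ACTIVE_EMPLOYEES, DEPARTED,
                               date(2021, 11, 16)):
        tag = "ADMIN" if f["is_admin"] else "user"
        print(f"{tag:5} {f['username']:12} {f['resource']:14} "
              f"{f['reason']} (days exposed: {f['days_exposed']})")
```

Accounts with no matching HR record are reported separately because they cannot be tied to a departure date and need an owner assigned before they can be reviewed.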

Directory Options
There are several directory providers and formats on the market.
This section will cover popular directory choices, including market
leaders and emerging competitors.

Open-Source, Self-Managed Directory
Because some directory protocols are open source, like LDAP, it’s
possible to create a directory from scratch and manage it in-house,
without investing in directory software or services. This solution is
the cheapest up front but requires the highest degree of expertise,
which can be expensive to source. Additionally, these directories
also tend to have the most limited functionality of all the directory
options, as creating a directory based purely on an open source protocol
would accomplish only what the chosen protocol can enable.
This is in stark contrast to multiprotocol directory services and software,
which include additional features and functionality.
Even “prebuilt,” open source software like OpenLDAP, while easier
to use than building from scratch, is still code-heavy and requires
significant expertise to operate and manage. OpenLDAP, for example,
is free open source software that includes highly focused functionality
exclusive to the LDAP protocol. While this is a bit easier to
use than starting from scratch, its reliance on code and lack of user
interface makes it more challenging to use than feature-rich, GUI-
supported software.
If you want to go this route, you can do so with cloud LDAP servers
to make them compatible with a distributed network.

On-Premises Directory
Directories were all originally hosted on premises, as they were
developed before the modern public cloud was. As such, many
directory services are still based on premises, although they are
beginning to expand to accommodate cloud-based sources with
extensions, protocols, and APIs.
Microsoft Active Directory is one such directory that can accommodate
cloud resources, but maintains on-prem roots, and cannot exist
solely in the public cloud. And while Azure Active Directory provides
cloud options, it still relies largely on a local base directory
infrastructure.
While it’s possible to extend on-prem directory solutions like Active
Directory into the cloud to support a distributed environment,
doing so requires add-ons that tend to decentralize your organization’s
data and infrastructure. For organizations looking to move
off of legacy systems and new, born-in-the-cloud startups alike,
adopting on-prem hardware is a significant resource burden and a
step backwards. These companies often fare better with cloud-based
directories.

Cloud Directory
While the original directory was fully on premises and connected to
other on-prem resources, directories are now moving toward the
cloud to help companies manage and employees connect to all company
resources—not just on-premises ones. This option is ideal for
most companies supporting distributed infrastructures.
In cloud-based directory models, the company subscribes to a cloud
directory service or platform, which includes both the hardware and
software components of the directory (all cloud-hosted). This eliminates
the need to host and maintain directory infrastructure and
makes the directory highly flexible and scalable. Further, as cloud
directories are more modern, they tend to offer more abundant and
relevant functionality. Some of these benefits include (but are not
limited to) cloud-based authentication protocols; remotely accessible,
browser-based access for users and administrators; and mobile
device compatibility and management.
Note that it’s possible to combine more than one directory service.
While one centralized directory service is often the best-case-
scenario solution, companies already working with one but looking
to add functionality can bind directories to one another. This is a
viable option for companies tied to a legacy system or looking to
make a controlled transition.

Factors to Consider
With the different providers and formats of a directory service
defined, there are three central factors to consider when adopting
one.

1. Flexibility and Scalability


Following the guiding principles to a distributed network outlined
in Chapter 1, your directory should be flexible and scalable. Cloud-
based directories generally offer more than their on-prem counterparts
in this regard.

2. OS Support
Certain directories work better with certain operating systems.
Microsoft Active Directory, for instance, is notorious for being more
compatible with Microsoft Windows than with other operating systems.
Consider the devices your company plans to support—not just
now, but in the future as well. While Microsoft used to be the business
standard and many companies started out as Microsoft-
exclusive, other operating systems are becoming more common in
the workplace. A vendor-neutral directory system that includes
standards-based features and functionality and has few proprietary
solutions can help your organization stay independent and pivot
nimbly where needed.

3. Centralization
While there are merits to both, full-featured solutions tend to be
more secure and better-suited to distributed environments than
single-purpose ones. Without a full-featured solution, organizations
with distributed networks generally need to supplement their directory
with several other tools. This creates more possible points of
failure and more opportunities for information to disperse, deviate,
and deteriorate in integrity. This was less of an issue in on-prem
environments, but in distributed ones, there’s a wider variety of
resources to unify and less supervision to keep data on track. Centralized,
full-featured solutions eliminate the need to supplement
your directory with additional tools, generating savings in time,
product, and personnel.


CHAPTER 4
Security Best Practices

When companies made the quick shift to remote work, many had to
prioritize speed over optimization, which led to security vulnerabilities
in their infrastructure. Further, the tumultuous business landscape
pulled leadership’s focus away from security, causing many
businesses to overlook those vulnerabilities. Hackers, however, are
adept at spotting and exploiting them. As such, security must be
integrated into every element of your IT infrastructure and
processes.
In this chapter, we’ll discuss the key approaches and tools to establishing
reliable security in your distributed organization.

Zero Trust Security


According to the JumpCloud 2021 State of the SME IT Admin
Report, Zero Trust security has already been adopted by 24% of surveyed
organizations and another 33% plan to adopt it. Inevitably, all
organizations will need to adopt Zero Trust security sooner rather
than later.
At its core, Zero Trust is a simple concept: trust nothing, verify
everything. This approach emerged as a response to the inadequacies
of perimeter-based security in the face of distributed networks.
On-prem environments were well-suited to a perimeter security
model, where the building provided a layer of physical security and
the network was similarly guarded by a physical security perimeter
made up of firewalls, antivirus software, and VPNs protecting the
crown jewels within the network. However, perimeter-based security
proves inadequate in protecting distributed environments.
With Zero Trust security, devices and identities are never intrinsically
trusted and are required to authenticate their identities before
they’re authorized to access any resource. This goes beyond traditional
perimeter-based security, which only verifies identities before
granting them access to the central network; once inside, users
maintain their level of trust and only need to abide by the security
that each resource prescribes independently. This relies on individual
resources to uphold sufficient security, becomes time-consuming
for the end-user, and complicates management
significantly. Zero Trust is an absolute necessity when it comes to
securing your organization’s data in a distributed environment.
Breaching one perimeter is much easier for cyber attackers than
having to authenticate at every point of entry on your network.

Establishing Zero Trust in a Distributed Environment
As Zero Trust was designed to address the issues of a distributed
environment, Zero Trust–based tools and tactics go hand-in-hand
with remote and hybrid-remote environments. They help establish
identity-driven policies and take a holistic approach to security. The
following tools and tactics are recommended steps to implementing
Zero Trust in a distributed environment.

Multi-Factor Authentication (MFA)


Zero Trust security heightens its standards of authentication, prescribing
complex authentication over a simple username/password
combination. MFA achieves this by requiring more than one
authentication factor verifying a user. This exponentially increases
security and eliminates the vulnerabilities of common passwords,
making it a critical component of Zero Trust.

Single Sign-On
SSO should always use MFA during authentication; however, once
authenticated, it allows users to access their applications without
logging into each application individually. It accomplishes this
without sacrificing security by using secure authentication protocols.
These authentication exchanges happen without action on the
user’s part, delivering a secure, seamless experience.
SSO solutions typically work well with web-based authentication.
And when combined with a centralized directory, they can extend to
all of the resources the directory connects to—with a robust directory,
that’s just about everything.

Principle of Least Privilege


In a Zero Trust environment with identity-driven policies, permission
assignment should always follow the principle of least privilege
(PoLP): assign each user the least amount of privilege they need to
complete their work. In a distributed environment where IT relies
heavily on automation, this is critical to correctly provisioning and
authorizing users to their resources. PoLP prevents both malicious
activity and human error, which can result in data breaches and
misuse.

Segmentation
Network and infrastructure segmentation can play critical roles in
attack mitigation. However, segmentation should be strategic and
complementary to environments and workflows to avoid siloing and
unnecessary information dispersal. While centralization is beneficial
to maintaining data integrity and unification, segmentation in moderation
can regulate data access and minimize damage from
breaches.
VLAN segmentation, for example, is a common method for securing
WiFi networks. Admins segment networks based on roles and
permissions, following PoLP. Some directories can facilitate
dynamic VLAN provisioning, automatically assigning users to the
appropriate network based on their permissions.

Encryption
Data should always be encrypted in transit and at rest. Ensure your
directory uses secure, encrypted protocols for authentication and
authorization, and check the encryption policies on other applications—especially
those used to store or share information, like
collaboration and file-sharing tools.
In addition, require all devices on the network to enable full-disk
encryption. Some directory services with device management capabilities
allow you to enable and enforce this policy remotely.
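
The contrast drawn earlier between perimeter security and Zero Trust, combined with the MFA, least-privilege, and full-disk-encryption requirements above, can be expressed as a per-request decision. This is an added example, not code from this report or from any product; the `Request` fields, role names, users, and resources are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    user: str
    password_ok: bool
    mfa_ok: bool
    device_encrypted: bool   # full-disk encryption reported by the device
    on_corp_network: bool
    resource: str
    action: str


# Constructed least-privilege grants: each role lists only what it needs.
ROLE_GRANTS = {
    "support": {("ticketing", "read"), ("ticketing", "write")},
    "finance": {("ledger", "read"), ("ledger", "write"),
                ("ticketing", "read")},
}
USER_ROLES = {"avery": "support", "blake": "finance"}


def perimeter_decision(req):
    """Perimeter model: a password on the internal network is enough,
    whatever resource is being requested."""
    return req.on_corp_network and req.password_ok


def zero_trust_decision(req):
    """Zero Trust model: check identity, device, and privilege on every
    request, ignoring network location. Returns (allowed, denial_reasons)."""
    reasons = []
    if not req.password_ok:
        reasons.append("primary credential failed")
    if not req.mfa_ok:
        reasons.append("second factor missing")
    if not req.device_encrypted:
        reasons.append("device lacks full-disk encryption")
    grants = ROLE_GRANTS.get(USER_ROLES.get(req.user), set())
    if (req.resource, req.action) not in grants:
        reasons.append("role does not grant this action")
    return (not reasons, reasons)


# Constructed requests. The first models a stolen password used from
# inside the office network; the second is a legitimate remote worker.
STOLEN_PASSWORD = Request("avery", True, False, True, True, "ledger", "read")
REMOTE_WORKER = Request("blake", True, True, True, False, "ledger", "write")

if __name__ == "__main__":
    for name, req in [("stolen password, on-network", STOLEN_PASSWORD),
                      ("remote worker, off-network", REMOTE_WORKER)]:
        allowed, reasons = zero_trust_decision(req)
        print(f"{name}: perimeter={perimeter_decision(req)} "
              f"zero_trust={allowed} {reasons}")
```

The two sample requests show the models disagreeing in both directions: the perimeter model admits the stolen password and blocks the remote worker, while the per-request check does the opposite.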

Testing
Organizations should conduct periodic security testing to ensure
ongoing security. We recommend the following tests and checks.
These suggested frequencies are minimums; always err on the side
of testing too often rather than not often enough:

• Phishing tests: once per quarter.
• Penetration tests: once every six months.
• Vulnerability scans: once per quarter; every other vulnerability
scan can fall under the scope of a penetration test.
• Full-risk assessments: once every six months, or when new technology
is added to your stack.
• Application-specific security checks: frequency varies by application.
Mission-critical ones, like your directory, should be
checked at least once per quarter.

Redundancy
On principle, your IT infrastructure should never be subject to a
single point of failure. Redundant infrastructure reduces downtime,
protects data, and recovers quickly when facing a breach. This
requires systems like data backups, high-availability (HA) clusters,
and WAN failover configurations. To optimize your redundant
setup, identify all mission-critical functionality, and make sure it’s
prioritized in your backup configurations.
Redundancy configurations are sometimes described in terms of N,
where N is the single-point-of-failure infrastructure. Thus, an N + 1
approach supplements the infrastructure with one independent
backup point; 2N duplicates the entire infrastructure. Lean IT teams
often take an N + 1 approach, but 2N is more secure and preferable.
Even better, 2N + 1 duplicates the entire infrastructure and adds
another independent backup point.
For any data you store on premises, the 3-2-1 backup rule is a good
baseline to use to ensure the data is sufficiently backed up with
redundancy: store three copies of your data on at least two different
types of media, with one copy of your data stored off site.
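
A backup inventory can be checked against the 3-2-1 rule automatically. The sketch below is an added example, not code from this report; the inventory records and location names are constructed, and it assumes the primary counts as one of the three copies. It also checks two things this chapter recommends for redundancy plans: that each dataset has a clearly assigned primary (interpreted here as exactly one) and that ordinary users cannot modify backup copies.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Copy:
    dataset: str
    location: str        # where the copy lives
    media: str           # e.g. "disk", "tape", "object-storage"
    offsite: bool
    role: str            # "primary" or "backup"
    user_writable: bool  # True if ordinary users can modify this copy


# Constructed inventory; dataset and location names are placeholders.
INVENTORY = [
    Copy("finance-db", "hq-san", "disk", False, "primary", True),
    Copy("finance-db", "hq-vault", "tape", False, "backup", False),
    Copy("finance-db", "cloud-a", "object-storage", True, "backup", False),
    Copy("hr-share", "hq-nas", "disk", False, "primary", True),
    Copy("hr-share", "hq-nas-2", "disk", False, "backup", True),
    Copy("design-assets", "hq-nas", "disk", False, "primary", True),
    Copy("design-assets", "hq-nas-2", "disk", False, "backup", False),
    Copy("design-assets", "branch-nas", "disk", True, "backup", False),
]


def check_backups(inventory):
    """Map each dataset to a list of problems (empty list = compliant)."""
    by_dataset = defaultdict(list)
    for copy in inventory:
        by_dataset[copy.dataset].append(copy)

    report = {}
    for dataset, copies in by_dataset.items():
        problems = []
        # 3: three copies (assumption: the primary is one of them).
        if len(copies) < 3:
            problems.append(f"only {len(copies)} copies (need 3)")
        # 2: at least two different media types.
        if len({c.media for c in copies}) < 2:
            problems.append("single media type")
        # 1: at least one copy off site.
        if not any(c.offsite for c in copies):
            problems.append("no off-site copy")
        # Primary/backup status must be unambiguous (assumed: one primary).
        primaries = [c for c in copies if c.role == "primary"]
        if len(primaries) != 1:
            problems.append(f"{len(primaries)} primaries (need exactly 1)")
        # Backups should not be modifiable by ordinary users.
        writable = sorted(c.location for c in copies
                          if c.role == "backup" and c.user_writable)
        if writable:
            problems.append("user-writable backup: " + ", ".join(writable))
        report[dataset] = problems
    return report


if __name__ == "__main__":
    for dataset, problems in check_backups(INVENTORY).items():
        print(dataset, "OK" if not problems else problems)
```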
Redundancy and backups are especially important in distributed
environments, which are fully reliant on cloud infrastructure availability
and uptime. Fortunately, cloud providers often provide redundancy
and failover as part of their offerings. Make sure all your
providers guarantee high uptime and check your cloud provider’s
SLA and policy on redundancy to ensure secure backups and
prompt reaction to any issue or downtime.
Multicloud solutions can also provide redundancy with an extra
layer of security: if one cloud provider is compromised, the data
would still remain intact with the other provider. Organizations
using multiple cloud providers might consider hosting their
most critical data with more than one of the providers for a fail-safe.

When establishing a redundancy plan, be careful to
clearly assign sources primary or backup status. Create
controls that restrict access to backup data. Allowing
users access to backups can quickly confuse things,
compromise the integrity and centrality of your data,
and endanger the safety of your backups.

Reporting and Review


As I discussed previously, unified and proactive reporting is key to
supporting a distributed environment. There are a few tools and
practices that can facilitate reporting, monitoring, and management:
SIEM (security information and event management)
SIEM can be helpful technology for creating automated alerts,
helping IT respond quickly to issues, and preventing missed
events of note.
Reporting tools included with existing solutions
In distributed environments, robust insights from cloud provid‐
ers and cloud directory solutions can be especially useful.
Automated data exports
Automated exports of reporting data can help your team
develop workflows around reviewing and storing insights.
Security-specific tools
There are many security tools on the market, from robust, AI-
powered software that spans your entire infrastructure to more
tailored and focused security tools for specific needs. Different
tools can offer reporting, automatic alerts, intelligent automated
response to suspicious activity, and more.
Contracting with a managed service provider (MSP)
Working with an MSP is becoming increasingly common in IT
organizations; the JumpCloud 2021 State of the SME IT Admin
Report found that 84% of the respondents were already engaged
or planning to engage with an MSP. You can contract with an
MSP for different levels of service; 24/7 monitoring and management
is a popular service that helps supplement your IT
team during and outside of your organization’s work hours.

Employee Training
Regardless of office setup or IT environment, employees need to
know how to use the tools they’re given. This need is amplified
when employees are working from different locations, often without
in-person supervision. Skipping or downplaying employee training
can lead to incorrect tool usage, shadow IT, and a lack of security
best practices knowledge. This, in turn, creates inefficiencies, discrepancies,
and security vulnerabilities.

Security Awareness and Behavior Training


Security training should include both awareness and behavior training.
Security awareness should inform employees of the importance
of following security procedures; common threats to your employees,
customers, business, and industry; and the risks of breaking
security protocol. Security behavior encompasses how to recognize,
react to, and report threats.
Security training should empower employees to cultivate and contribute
positively to a culture of security. Security training should
ensure employees understand the security risks present in their
working environment and best security practices for preventing and
reporting threats.


Topics should include:
Phishing
Train employees on the signs to look for and what to do when
they receive a phishing email. A formalized reporting process,
e.g., a designated company email account for reporting phishing
attempts, which the security team reviews, is recommended.
Password and authentication
IT should enforce MFA wherever possible and create password
length and complexity requirements for every resource. Note
that password length is now considered more important to
security than complexity.
Device security
Employees using personal devices must follow the company’s
AUP and security guidelines. In BYOD environments, this
includes downloading prescribed antivirus and antimalware
software, implementing updates when available, locking and
encrypting their devices, and avoiding sharing the device with
others.
Network security
When working outside the office, employees should understand
what makes an internet connection secure and avoid accessing
company resources on an unsecured network (like public WiFi).
Many companies require a VPN when working on an unsecured
network, and some solutions with conditional access policies
can automatically enforce this rule.
Secure communication
Employees should understand and follow best practices for all
communication channels. Employees should also understand
what data is considered confidential or PII (personally identifiable
information) and rules around how to treat it. This should
include which channels are safe for discussing, saving, and
transmitting this data; how and where to store it; and how and
when to destroy it. Compliance guidelines may help inform this
messaging.
Media relations
Employees should understand company policies around what
to say and not say to media representatives (many companies
prescribe that no one except designated PR and leadership
personnel speak with media relations; all other employees point
media inquiries to a specified PR or leadership recipient).
While policies need to support the security stance and needs of an
organization, they should not be too onerous. If they are, people are
more likely to ignore them. Try to keep technical language accessible
and simple. Most employees won’t be interested in the intricacies of
how IT functions or how cybercriminals execute on threats; they
want to know what to do, what not to do, what red flags to look for,
and how to report them.

Tool Usage
Every tool should have a set of usage specifications that is communicated
through both written and verbal training. Employees should
understand how to use each tool. Often, vendors provide end-user
training; use this where available and add in any company-specific
direction around usage.
If you have to create your own training for a tool, consider including
the following:
General usage
Clarify what the tool is used for and how to use it. Demos or
hands-on training are often helpful.
Acceptable use
Outline your company’s expectations around the tool’s usage.
These guidelines can help with security, privacy, and data
integrity.
Access parameters
How can they access the tool? Some directories offer policy creation
that can enforce these parameters automatically.
Security and compliance best practices
Clarify any security and compliance best practices and the
importance of following them.
Troubleshooting workflow
Where can employees go for help with the tool: the tool provider,
your help desk team, or another party?
Common misconceptions and issues
Check in with your help desk team periodically once the tool is
in place to identify recurring issues. Work these common issues
and their solutions into your training to improve it over time.
Naming, saving, and sharing conventions
Make sure employees understand how and where to store data
and resources associated with the tool.
Understanding best practices is one thing; getting them approved
and putting them into action is another. In the next chapter, we’ll
discuss implementation processes and tips for garnering leadership
buy-in and approval.

CHAPTER 5
Implementing Solutions

Without leadership’s buy-in, it can be hard to get small initiatives
approved, let alone big overhauls. The best ways to do so are to find
solutions that optimize your resources and to make clear, compelling
proposals to champion your solutions.
To help you put your best foot forward when designing your distributed
environment, this chapter covers tricks for optimizing your
budget, leadership’s top concerns, and how to draw up a winning
proposal. These are the real-life how-tos that will help you set up
your organization for success.

Optimizing Budget and Resources


According to the JumpCloud 2021 State of the SME IT Admin
Report, 58% of respondents said their organization planned to
spend more on remote management over the next 12 months, 56%
would spend more on security technologies, and 50% would spend
more on cloud services. This suggests that many SMEs already
accept the new distributed workforce reality and are willing to
devote the funds to support it successfully.
Despite a willingness to spend, SME budgets can be tight, and IT
teams need to figure out how to make the most of their resources.
The following are some opportunities to optimize spending, saving
where possible to delegate funds to mission-critical IT initiatives.

Automation
Automation helps supplement IT labor without incurring the costs
of personnel. Look for solutions that provide automation and identify
areas where you may be able to create custom automations for
your unique workflows.

Self-Service Technology
Self-service solutions are critical to creating companies that can
grow and scale. User self-service both delivers a positive user experience
and prevents overloading IT teams. This allows organizations
to keep IT department counts relatively small as they grow in a distributed
environment.

Strategic Staffing
As IT professionals today need to have a wider scope of knowledge,
versatility and broad experience are essential qualities when it comes
to building out your team—especially if you’re starting out lean.
Additionally, an interest in emerging technology and the ability to
learn quickly are choice qualities in IT professionals on a growing
IT team. Slight overlaps in skills can be advantageous when the team
is stretched thin or employees take time off.
At a minimum, your IT team should be able to cover the following
areas:

• Help desk/day-to-day items.
• Security.
• Expertise in all the tools that the IT team uses.
• Management or leadership to advocate for the team and bring
new IT-driven initiatives to leadership. This is sometimes
accomplished with project managers or individuals outside the
direct IT team.
• Support for non-IT initiatives. Sometimes, other departments
need IT’s help in planning a workflow, choosing a solution, or
configuring new technology.


Look for Long-Term Wins
The solution with the lowest price tag won’t always be the most cost-
effective solution in the long run. Look for solutions with a high
ROI, which decreases your IT infrastructure’s total cost of ownership
(TCO) over time. The long-term savings that moving to the
cloud generates are a great example of this. Comprehensive and
robust tools often generate similar savings when they can do the job
of several smaller point solutions.

Always Factor in Flexibility and Scalability


Look for solutions that allow you to pay as you go and only for what
you need rather than purchasing equipment or tools outright. These
allow for painless, cost-effective growth down the road. Cloud-
based infrastructure and SaaS tools are great candidates for this.

Making the Case to Leadership


Designing the optimal IT infrastructure for your distributed environment,
identifying the right solutions, and coming up with winning
strategies amount to nothing if leadership doesn’t approve
them. Making your case to leadership is an inevitable part of the job,
whether you’re appealing to an IT manager or director, the c-suite,
or the CEO or owner.
First, it’s important to understand how c-level leaders prioritize initiatives
and view proposals. Even if you’re not making your case to
c-level leadership, the leaders on your team will likely need to for
large initiatives: understanding how the top leaders think will help
you make the best case for your proposal as it moves up the organizational
tree.

C-level Priorities
Business goals
As leaders of an entire organization, c-level executives must keep
company goals top of mind and put them first in every endeavor.
They aren’t likely to consider investing in something that doesn’t
clearly contribute toward those goals.
When drawing up a proposal, make sure you understand your business’s
overarching business goals. Often, they’re drawn out in time
increments—a 1-year plan, a 5-year plan, and a 10-year plan, for
instance. Determine how your proposed solution or strategy moves
the business closer to one or more of those goals, and state this
explicitly in your proposal.
Drawing the relationship from solution to business goal may not
always be linear. For example, if your business goal is to become the
go-to solution in its market in five years, you could make the case
that it would need to be able to support a distributed environment
to remain competitive and achieve this. This would set the groundwork
to convey the necessity of solutions that support a scalable distributed
IT infrastructure (a remote workforce).

Business values
Along the same line, most c-level leaders cultivate their organizations
to operate within a set of values. This is becoming more prominent
as consumers and workers both highly favor companies with
strong value systems and culture. If you’re not aware of your company’s
values, they’re often listed in the “About” section of its website.
Explicitly tying your proposal to one of your company’s values is
another great way to get traction.

Cost
There’s no avoiding the cost discussion when bringing proposed
ideas to leadership. However, the discussion can go deeper than
face-value expenses. Sometimes, solutions deliver cost benefits and
savings that aren’t reflected in their face-value cost. Make sure you
clarify all potential for cost savings in your proposal and delineate
the savings in numbers or estimates where you can.
Common ways solutions can reduce costs include:

• Reducing the TCO of your IT infrastructure. Replacing several
point solutions with one more robust solution, reducing the
need to purchase and maintain equipment, and paying for only
what you need are common TCO justifications for cloud technology.
• Reducing the risk of incurring noncompliance fees.
• Reducing the risk of a costly security breach.
• Increasing ROI by delivering quicker, better, or more efficient
results than current solutions, alternatives, or the current lack of
solutions.
• Optimizing resource allocation and output by increasing productivity,
directing time and resources toward mission-critical
initiatives, and increasing efficiency.
• Increasing retention and reducing churn (it costs much more to
hire than to retain talent).
Risk
Risk is another factor leaders won’t overlook when considering a
solution. As such, glossing over risk in the hopes of leaving it out of
the discussion won’t cut it. Instead, be up front about risk. Not many
solutions come with zero risk, so a discussion around potential risks
is unlikely to be an immediate deal breaker but rather a necessary
part of evaluating the proposed technology.
While the following list is not exhaustive, leaders tend to consider
risk in the following areas:

• Data breach or cyberattack
• Monetary loss
• Customer loss
• Productivity or efficiency loss
• Company reputation
• Employee turnover

One of the best ways to approach risk is by quantifying it. The first
step is to identify potential risks. Then, assign these risks a level of
severity and likelihood. Consider the risk map (see Figure 5-1) for
conveying risk visually. Finally, communicate ways you’ll be able to
prevent or mitigate these risks, either through tool modifications,
additional solutions, processes, or other methods.



Figure 5-1. When positioning a solution’s risk to leadership, visualize it
by quantifying the risk’s severity and likelihood.

Closing Thoughts
The shift to remote work was fast and widespread, and its implications
on the way IT teams, end users, and businesses as a whole
operate were profound. Organizations need to adapt quickly, but
strategically and securely. And while big initiatives can be daunting,
they only become harder to implement with time as your organization
becomes more and more entrenched in outdated solutions. The
time to optimize your infrastructure to support remote and hybrid-
remote work is now.
As you move forward, remember that it’s okay to break large
undertakings into smaller, digestible pieces; however, never lose sight of
the whole in doing so. Plan strategically, implement purposefully,
and stay on course with the guidelines outlined in this report and
your business’s overarching goals. These principles should guide you
to building a future-proof infrastructure that can support your
workforce in a distributed world.

About the Authors
Ryan Bacon is the IT Support Manager at JumpCloud, the world’s
first cloud directory service. While he has been a computer nerd his
whole life, Ryan worked in a variety of industries before becoming
an IT pro. His experience in other fields, as well as a healthy mix of
nontechnical and technical schooling, influences his approach to IT
in ways that he is more than willing to talk about.
Kim Crawley is dedicated to researching and writing about a
plethora of cybersecurity issues. Some of the companies Kim has
worked for over the years include Sophos, AT&T Cybersecurity,
BlackBerry Cylance, Tripwire, and Venafi. All matters red team, blue
team, and purple team fascinate her, but she’s especially fascinated
by malware, social engineering, and advanced persistent threats.
Kim’s extracurricular activities include running an online
cybersecurity event called DisInfoSec and autistic self-advocacy. When she’s
not working, Kim loves JRPGs (especially the Persona series), trying
to cook Japanese and Korean dishes, goth music and fashion, and
falling down Wikipedia and TV Tropes rabbit holes.
Kate Lake is a senior SEO content writer at JumpCloud, where she
writes about JumpCloud’s cloud directory platform and trends in IT,
technology, and security. Before JumpCloud, Kate wrote content for
solutions by Cisco, Microsoft, VMware, and Veeam, to name a few.
She holds a Bachelor’s degree in Linguistics from the University of
Virginia and is driven by a lifelong passion for writing and learning.
When she isn’t writing for JumpCloud, Kate can be found traveling,
exploring the outdoors, diving into old sci-fi, and writing for
pleasure.
