Are MSPs Adopting Zero-Trust Security?
2020 has been a challenging year for companies across the globe. Business continuity has been tested to the max, showing that the world as we see it today is calling for accelerated digital transformation. The massive change to a fully remote work environment has amplified both the urgency and the obstacles around cybersecurity.
Unfortunately, while some businesses focused on “survive to thrive” mode, cybercriminals jumped at the opportunity to identify vulnerabilities and prime targets. With attacks becoming more sophisticated and because extending VPN protection is not enough, solution providers are now looking at a security framework that focuses on avoiding breaches by embracing the “never trust, always verify” that comes with the zero-trust approach.
Whereas a traditional network is built around the idea of inherent trust, a zero-trust framework assumes that every device and user, on-network or off, represents a security risk. The “never trust, always verify” approach uses multiple levels of protection to prevent threats, block lateral movement and enforce granular user-access controls.
Many MSPs are positioning their business by offering the zero-trust approach to customers. A strategy that eliminates easy targets by blocking attackers both within and outside of the network, so no users or machines are automatically trusted.
The main principles of the zero-trust approach focus on verifying user identity, devices, access, and services so no assumptions about security are made and the risk for vulnerabilities is significantly reduced. If you are considering adopting this model, here are three key areas in the implementation of zero-trust networks:
- Identifying users and devices: Always know who and what is connecting to the business network. As companies grapple with having the predominance of their workforce working remotely, securing access to internal tools presents a major challenge. Cloud-based multi-factor authentication (MFA) services offer mitigation against credential theft, fraud and phishing attacks.
- Providing Secure Access: Limit access to business-critical systems and applications to only those devices that have explicit permission to access them. In the zero-trust framework, the goal of access management is to provide a means to centrally manage access across all common IT systems, while limiting that access to only specific users, devices, or applications. Single sign-on (SSO) technologies, combined with MFA, can improve access security and minimize the password burden on users.
- Continuous monitoring: Monitor the health and security posture of the network and all managed endpoints. Malware and ransomware threats have only accelerated as a result of coronavirus. Keeping users safe as they navigate the Internet is more difficult when they are connecting from outside of your network. Staying on top of threats requires persistent, advanced security that goes beyond endpoint antivirus.
Forrester Research Inc. first coined the term “zero-trust” in 2010. A decade and a pandemic later, as service providers face an increasingly complex marketplace, new demands call for new business offerings: more user-centric security solutions, Cloud-hosted artificial intelligence (AI) systems, and the “never trust, always verify” mindset.
Are you looking to provide a zero-trust approach for your customers? Contact a Channel Account Manager and try WatchGuard Passport out yourself for $.01.