MSSPs Can’t Ignore Zero Trust

Digital security concept 3d

As the threat landscape becomes more advanced, many security teams continue to try and weave an array of products from multiple vendors into tightly integrated platforms that can span remote sites, corporate facilities, and multi-cloud deployments. However, in today’s highly distributed networks, these traditional multi-vendor strategies are too complex and incapable of addressing the volume, variety, and velocity of threats found in today’s operating environment.

Author: Jonathan Nguyen-Duy, VP of field CISO, Fortinet
Author: Jonathan Nguyen-Duy, VP of field CISO, Fortinet

The practical reality of today’s challenges along with the scarcity of cybersecurity talent is driving more organizations to partner with managed security service providers (MSSPs). Organizations that range from small and medium-sized businesses, to global enterprises are all struggling with challenges related to complexity and visibility. These organizations are looking to MSSPs for more consistent performance, cost savings, user experiences and business outcomes.

To address this opportunity, MSSPs must not only offer enhanced capabilities beyond those of traditional in-house solutions, but they must also do that in a cost-effective manner. At the heart of today’s demand for managed security services is the challenge of ensuring consistent performance and security irrespective of location. Zero Trust with its focus on ensuring least privilege access so that users can only access what they need to perform their jobs is now foundational to any cybersecurity strategy. Indeed, just about everyone from cybersecurity professionals to government officials has said it's imperative to adopt the Zero Trust security model. Accordingly, Zero Trust solutions are now table stakes for any MSSP.

Zero Trust concepts are not new, but people are hearing more about them because of the permanent adoption of work from anywhere (WFA) initiatives. The need to support more remote workers because of the pandemic, forced many organizations to take another look at their VPNs and limitations of these traditional solutions. As hybrid work models becomes a normal fixture of business, the perimeter-based network security model used by VPNs of "inside means trusted" and "outside means untrusted" is clearly no longer adequate.

Zero Trust Implementation

Least privilege is a critical tenant of the Zero Trust security model, which assumes that nothing and no one should be trusted until proven otherwise. Based on continuous identification, authentication, validation and monitoring of all traffic, Zero Trust requires consistent visibility and control across LAN, WAN, data center, and cloud edges.

Taking a piecemeal approach to Zero Trust can often leave security gaps as well as, expensive and cumbersome solutions. In my experience, a better strategy is to adopt Zero Trust tactics using a platform approach from the outset with products that are integrated by design. The requirements of speed and scale are the primary reasons for a broad, integrated, and automated platform.

Zero Trust Network Access (ZTNA) solutions should be straight forward - providing automatic secure remote access that verifies who and what is on your network and secures application access no matter where users are located. Implementing least privilege strategies involves identifying and classifying all the users and devices that seek network and application access, assessing their state of compliance with internal security policies, automatically assigning them to zones of control, and continuously monitoring them, both on and off the network.

Most organizations don't move to a Zero Trust model all at once; they do it gradually. So, it's important to select solutions that will be easy to integrate and grow with business requirements and technology developments. By taking a platform approach, organizations can move forward with security strategies that work no matter what stage of implementation they may be at, and no matter where their users, devices, or resources may be located.

A Platform Approach to Zero Trust

As an MSSP, offering Zero Trust solutions is table stakes as it’s the foundation of every cyber security strategy moving forward. It's an opportunity to offer new services as well as, consolidate and simplify the architecture. According to a Ponemon Institute report, organizations have deployed on average more than 45 security solutions across their organizations. Many of them operate in silos, which adds to the complexity. According to a recent Fortinet survey, 82% of IT teams with ten or more security vendors in place spend at least 30% of their time addressing issues related to vendor complexity.

Adopting a cybersecurity mesh platform helps consolidate products and provides tighter integration and increased automation that helps facilitate a more rapid, coordinated, and effective response to threats across the network. The Fortinet Security Fabric is an example of a mesh platform, which includes FortiGate next-generation firewalls that have ZTNA capabilities. For the client and the MSSPs, the FortiGate delivers a tremendous amount of value with low levels of risk in terms of ZTNA implementation.

Simple ZTNA Migration

As most organizations have hybrid networks, with users and devices that need access to resources from any location, at any time, Fortinet uses the client-initiated ZTNA model, with an agent on a device to create a secure tunnel. For service providers, this is a well proven, highly scalable solution. Implementing Fortinet’s ZTNA solution requires a client, a proxy, authentication, and security.

Migration is easy for customers already using the FortiGate firewall and FortiClient agent as there is no additional cost or license required. In addition to the cost savings and performance improvements, the granular application and session level security offered by ZTNA is more robust than traditional VPNs. . Migrating to ZTNA can be readily done in a controlled manner by simply changing a few settings. If you need to roll out slowly, you can migrate only a small group of employees at a time. Fortinet ZTNA is built into the operating system, you can move to ZTNA when you're ready at the pace that you want.

Consistency and Reliability

As customers look to MSSPs to help them with ever-more-complex cybersecurity challenges, offering limited, complicated, or disconnected services is not a good way to build business. Every MSSP wants to reduce complexity and provide consistent performance. But consistency also means more reliability in terms of implementations and better quality of service, which leads to more revenue. Offering Zero Trust solutions with a flexible implementation of ZTNA is ideal for today’s hybrid environments because it offers a consistent policy enforcement and performance on-premises, private cloud, and public cloud.

Author Jonathan Nguyen is VP of field CISO at Fortinet. Read more Fortinet blogs hereRegularly contributed guest blogs are part of MSSP Alert’s sponsorship program.