By Tim Boivin
Digital transformation offers a great opportunity for managed service providers (MSPs). Consider:
- 70% of companies already either have a digital transformation strategy in place or are working on one, as they look to improve operational efficiency, accelerate time to market, and better meet customer demands.
- 93% of companies consider innovative technologies as necessary to reaching their digital transformation goals.
- 45% of executives think their company doesn’t have the right technology in place for their digital transformation efforts, which creates a great market opportunity for MSPs.
But are MSPs safe and secure partners? Perhaps not as much as they should be. And that’s why MSPs are increasingly considering a Zero Trust approach for their IT security needs going forward.
In 2019, at least 13 managed service providers (MSPs) were compromised by ransomware. An attack on an MSP in November impacted more than 100 dental practices, while one of the largest MSPs in Spain was also hit by ransomware earlier that month.
MSPs (including managed security service providers, or MSSPs) are attractive financial targets for hackers. The irresistible lure is that an attack on an MSP exponentially extends the pain of ransomware to the MSP’s customers. These customers, including businesses, government agencies and non-profits/NGOs, increasingly rely on MSPs to manage secure access to resources as they look to rapidly expand their digital transformation efforts.
Complexity & Cost
What led to MSPs becoming such a prime target for hackers?
MSPs’ traditional approach to security has been to rely on a vast variety of costly, complex solutions to manage their customers’ widely divergent access needs. Sure, MSPs try to reduce this complexity and cost by purchasing and installing software that creates a templated experience. But those solutions still must be uniquely configured to connect to each individual customer’s infrastructure, while also requiring a ton of micromanagement every time a new customer or app is added.
There are critical – and easily exploited – flaws in this traditional, convoluted approach. Since MSPs are managing firewalls across virtually all security scenarios for those platforms, they must open and close ports, create port forwarding rules, and manage access control lists for each customer. One slip, one gap in any of the MSP’s security responsibilities, and the hackers are in – not just inside the MSP’s infrastructure, but able to move laterally from there and target attacks directly against MSP customers.
Even worse, most MSPs today don’t have the means to even track user access across all their customers’ resources. That has serious consequences at a time when hackers are so successful at hijacking legitimate user credentials through phishing attacks. Compromised credentials are one of the predominant ways that hackers are getting in today, enabling them to access MSP customer resources. Once the hackers get in, they can go anywhere and cause even more damage, and they are practically impossible to track in a timely fashion.
All of these issues can be addressed by the Zero Trust approach of Total Access Control (TAC) from PortSys.
Zero Trust benefits for MSPs
What are the benefits of a Zero Trust approach? Simply put, MSPs using TAC can offer the best quality security for their customers. TAC allows MSPs to reduce their complexity, strengthen security, and make access easier for end users. Its consolidated, unified Zero Trust technology is more cost-effective than having to manage multiple disparate solutions. And TAC’s ability to segment resources limits customer exposure to ransomware attacks and other malicious activities.
Let’s do a deeper dive into these benefits:
- Control Access to Everything through One Solution – TAC becomes the arbiter of access to everything – a single location for customers where MSPs can dynamically manage all end user access requests. All access is controlled by TAC, strengthening user validation. TAC uses context of access to authorize or deny requests for each resource and provide access through just one single, well defended port, rather than opening up multiple ports across the network for various access needs. You no longer have to open up ports for RDP, VPN, SSH and other remote access methods.
- Strengthen Security Using Context of Access – TAC’s reverse proxy technology permits access through a single portal to all customer applications – but only after using Zero Trust principles to consider not just the user, but the device, location, device security status and many other factors regarding the user’s context of access that the MSP and customer require.
- Significantly Reduce Complexity – Administering a multitude of security policies for various user groups and applications is the scourge of admins everywhere – both for MSPs and their customers. TAC automatically applies granular security policies based on the group level(s) of access a user has been approved for – all done seamlessly without a user having to jump through additional hoops every time access is required for an additional app. In an organization that may have 10 departments, this allows the MSP and customer to limit access only to the applications and resources each user requires, and not the entire network.
- Cut Security Costs – Since TAC takes a unified, much more automated approach to access control, all the traditional configuration costs are eliminated and the expense of managing so many disparate security solutions dissolves. Users gain secure access through one URL for everything, while TAC’s intelligence insulates customer networks from suspect devices and unsavory hackers. No more need for yet another security solution from yet another vendor, for yet another app the Widget Department wants to add.
- Easier to Manage – In the typical network environment, when a business unit has a new application that it wants to make available to its users, the process is overwhelming and burdensome. The company must authorize it, the manager of firewalls must open a port (that may or may not be secure), and then the MSP will try to strengthen the security by inserting multifactor or 2-factor authentication. This process is repeated every time a new app is requested, wasting valuable time and resources. TAC’s wizard-driven menu, on the other hand, enables customer admins to request an application to be added with a few clicks, instead of going through the complicated, cumbersome process outlined above. Admins select the type of app and the types of authentication required (2-factor or multi-factor), turn on Single Sign-On (SSO), decide upon the device validation and location verification settings, and then publish the app. With this seamless, integrated process, admins and the MSPs don’t even need to touch the firewall to publish an application in TAC.
- Invisible to the Internet – Best of all, the application being added is invisible to the internet. It is only accessible through the TAC gateway, instead of through an open port – meaning bot scans won’t find the port for the application on the attack surface where they would normally look.
Audit Everything
Because TAC controls access to all the resources, MSPs can now understand who is getting access to what across the entire organization. This is invaluable information for an MSP, which can share these reports with their customers at any time at the simple push of a button.
With TAC, customers can also make MSP security policies much more granular based on different factors. For instance, MSP customers can specify that end users are granted access only when using managed corporate devices. Or they may set up a different set of rules regarding anti-virus or certificates when users are connecting to the TAC gateway.
All of this would be enforced through TAC when an access request is made – while not asking the user to do anything more than simply signing in through the TAC portal.
If a user loses a device, TAC also simplifies the process for blocking access. TAC can immediately block access to all apps and resources for any user or selected device. Devices can also be selectively wiped – and unwiped, if the user ultimately finds the lost device.
Each instance of TAC allows MSPs, for the first time, to see all end user access through a single, centralized view. MSPs can see all the users requesting and gaining access and manage them through TAC’s secure interface.
This visibility offers a great growth opportunity for MSPs to securely manage access for customers in both their local environment, such as the data center for headquarters, and for cloud service providers such as Office 365 – all in one place.
Finally, MSPs can also audit everything surrounding access with TAC, and gain control over functions including Single Sign-On (SSO), security policies, application delivery, secure tunneling, authentication, and corporate and personal devices – all in one place, for each of their customers.
Scale Digital Transformation’s Heights with TAC
MSPs who have TAC in place can help their customers scale up quickly to meet the growth generated through digital transformation and gain a competitive edge in the marketplace. MSPs can build large arrays of TAC servers to meet their customer needs, and it’s elastic as well – they can scale virtual machines (VMs) up or down to meet demand and accelerate speed to access for unlimited numbers of users.
As customers look to digital transformation to improve business processes, explore innovations and drive growth, MSPs have a great opportunity to play critical roles as their trusted partners. With TAC, MSPs are well suited to take on those roles and gain market share.
Tim Boivin is the Director of Marketing for PortSys. He can be reached at +1 781-996-4899 or tim.boivin@portsys.com.