Zero Trust for MSPs

COVID-19 put digital transformation trends such as cloud and remote work into turbo mode.  The recent ransomware attacks highlighted the critical need for businesses to strengthen their security.  Together, these tsunamis have resulted in businesses demanding solutions from their MSPs and MSSPs.  Zero Trust is considered part of the solution for both trends: Zero Trust helps strengthen security against attacks such as ransomware, and helps provide the agility and automation required by turbo-charged digital transformation efforts.

Here in the US, President Biden put a spotlight on Zero Trust’s importance in these areas with the May 2021 “Executive Order on Improving the Nation’s Cybersecurity”. The Executive Order states “The Federal Government must adopt security best practices; advance toward Zero Trust Architecture…and within 60 days of the date of this order, the head of each agency shall develop a plan to implement Zero Trust Architecture.”

So how do MSPs and MSSPs help their customers move towards Zero Trust?  How can MSPs and MSSPs both provide immediate solutions for problems like ransomware, while helping businesses progress on the longer journey towards full Zero Trust?  This post examines a Zero Trust strategy for MSPs and MSSPs and highlights ways to simplify and accelerate – ways for MSPs and MSSPs to help businesses immediately.

Zero Trust for MSPs – immediate help for your business customers

Third party vendor access – across the ICT supply chain – is one of the main culprits for the recent ransomware attacks.  For example, both the Kaseya and SolarWinds attacks leveraged third party vendor access to spread ransomware across the victims' networks.  For MSPs and MSSPs this is doubly painful – not only is the business suffering a breach, but the MSP or MSSP itself was often the conduit of the ransomware.  However, there is a silver lining to this cloud: MSPs and MSSPs can help control their own destiny here.  MSPs and MSSPs can easily and immediately implement Zero Trust for their services, ensuring they will not be ransomware conduits, while helping businesses implement Zero Trust for all third party vendors in an iterative manner.

Zero Trust for MSPs – securing third party access

The only thing between most third party vendors and critical business data is usually vulnerable infrastructure like firewalls, VPNs and SD-WANs. This is not a single vendor problem – nearly every VPN, SD-WAN and firewall vendor has been breached – a recent list includes Cisco, Zyxel, Fortinet, Palo Alto, SonicWall, Citrix, F5, Sophos and Pulse.  As we have seen in the ransomware attacks, and as reinforced by Zero Trust guidance from every leading security firm and most governments around the globe, third party access requires Zero Trust.

With NetFoundry’s software-only, SaaS approach, MSPs and MSSPs can secure third party access and provide Zero Trust services to businesses.  This approach enables MSPs and MSSPs to become Zero Trust providers, help ensure that the MSP itself is not a ransomware victim and protect MSP customers from third party access threats.  All as a turnkey SaaS service.

Zero Trust for MSPs – securing third party access – locking down MSP agents and servers

Many MSPs and MSSPs deploy agents on customer laptops, or deploy servers which have access to customer networks.  As demonstrated by Kaseya and SolarWinds, these agents and servers are vulnerabilities.  Zero Trust makes these agents and servers ‘dark’, meaning that ransomware and similar attacks can no longer see or reach the agents and servers.  Unfortunately, traditional Zero Trust solutions can take months to deploy, as they include identity, authentication, authorization, least privileged access and microsegmentation.  NetFoundry provides all those Zero Trust functions as turnkey SaaS.  What does that mean for MSPs, MSSPs and their business customers?  An easy button for making third party agents and servers dark.  NetFoundry has two solutions to fit both of the use cases:

Zero trust for MSP and MSSP agents or apps

In this solution, the MSP or MSSP uses the NetFoundry Ziti SDKs to add some code to the MSP or MSSP agent or app software.  This code then transforms the agent into a Zero Trust agent.  The existing MSP agent gains all the Zero Trust functions, using them as SaaS, and the business does not need to deploy any infrastructure or any additional bespoke Zero Trust agents.  The existing MSP agent now has embedded Zero Trust – it is the Zero Trust solution!  Since this is a software-only, cloud-orchestrated solution, it fits right into the DevOps, NetOps and DevSecOps tools used by MSPs and MSSPs.

Importantly, NetFoundry makes this simple.  For example, here is Zero Trust embedded into SSH.  Notice there is no extra app or infrastructure!  SSH, which is of course both a critical service and a critical vulnerability, is made Zero Trust.  The same solution works for any SSH solution.  The fastest path towards Zero Trust is to avoid the WAN and infrastructure swamps – MSPs and MSSPs can now embed Zero Trust right into the app, such that the app (like SSH) is now secure across any network or cloud.

Zero trust for MSP and MSSP servers

In this solution, the MSP or MSSP uses NetFoundry containers or VMs, either deployed on the existing server, or next to it, depending on the operational environment.  This NetFoundry Zero Trust container or VM then provides all the Zero Trust functions, as SaaS, and the business does not need to deploy any infrastructure, configure firewalls or nail up VPNs.  The server is now dark to networks, so ransomware and similar attacks cannot find it to begin with.  Like the app-embedded solution above, this is a software-only solution made to slide right into existing DevOps, DevSecOps and NetOps tooling.

MSPs and MSSPs providing Zero Trust services

You have now secured a critical third party for your customer – your own services.  The next step is very simple and very powerful.  Extend the same solution to all of the third party vendors leveraged by your business customers.  Phase one of your Zero Trust services is then to use Zero Trust to secure the most vulnerable connections your customer has – third party vendor access.

Because NetFoundry provides a Zero Trust Platform, made for MSPs, you get native, cloud-orchestrated multi-tenancy, controls and visibility.  All of your customers are managed from a single pane of glass.  That single pane of glass can be your existing management tools (leveraging the NetFoundry APIs), or can be the NetFoundry Web Console (provided as part of the NetFoundry Zero Trust SaaS service and leveraging the same NetFoundry APIs).

Helping your customer throughout the Zero Trust journey

Providing secure third party remote access as a Zero Trust service helps MSPs and MSSPs serve one of the most important needs which businesses have today.  However, it is just step one on the Zero Trust journey.  Your business will require your Zero Trust services along the entire journey.  NetFoundry is built to enable MSPs and MSSPs to provide Zero Trust services to your customers along this journey.

Because NetFoundry provides a platform which enables Zero Trust for any use case, and NetFoundry open sourced the underlying software, MSPs and MSSPs get ultimate assurances, and can provide the same to your customers while enabling their Zero Trust journey.  Your customers don’t know what they will be dealing with tomorrow – nobody does – NetFoundry enables you to not lock yourself or your customer into a corner with proprietary or closed solutions.

As you take your customer through the full Zero Trust journey, you will iteratively implement:

+ Zero Trust functionality.  This includes secure identification, authenticate before connect, least privileged access and app level microsegmentation.  You will provide your customer with industry leading Zero Trust, without having to build all the functions.

+ Zero Trust for every use case.  This includes OT, IoT and IT.  It includes hybrid, cloud and multicloud.  You will enable and secure your customers’ cloud journeys.

+ Zero Trust as a SaaS service, provided by you, rather than an infrastructure based solution.  You will eliminate infrastructure, appliances, and proprietary interfaces, and replace them with software, APIs and cloud orchestrated microservices.
