Zero Trust for MSPs and MSSPs

COVID-19 accelerated trends such as cloud and remote work.  In response, MSPs and MSSPs often had to quickly implement VPN and VDI solutions – to secure their access to their customer enviros, and to enable their customers to securely access their apps.   However, the recent ransomware attacks highlighted that VPN and VDI are insecure (and we already knew they were expensive, a poor user experience and a poor administrator experience).

This has even resulted in nation level edicts to replace old solutions such as VPNs and VDI with Zero Trust architectures.  Here in the US, President Biden put a spotlight on Zero Trust’s importance in these areas with this May 2021 “Executive Order on Improving the Nation’s Cybersecurity”. The Executive Order states “The Federal Government must adopt security best practices; advance toward Zero Trust Architecture…and within 60 days of the date of this order, the head of each agency shall develop a plan to implement Zero Trust Architecture.”

This post describes how MSPs and MSSPs help their customers move towards Zero Trust.  This includes how MSPs and MSSPs can provide immediate software-only SaaS solutions for problems like ransomware, while helping businesses progress on the longer journey towards full Zero Trust.

Zero Trust for MSPs and MSSPs – immediate help

Double the pain

Third party vendor access is one of the main culprits for the recent ransomware attacks.  Meanwhile, MSPs and MSSPs are third parties to their customers.  This is why MSPs and MSSPs were victimized by Kaseya.  For MSPs and MSSPs this is doubly painful – not only are their customers suffering a breach like Kaseya, but the MSP or MSSP itself was the conduit of the ransomware.

Triple the goodness

However, now MSPs and MSSPs can easily and immediately implement Zero Trust for their own services.  This has three benefits:

One: Lower costs.

MSPs and MSSPs use Zero Trust to replace the expensive VPNs, VDIs and firewall management (e.g. ACLs with white lists). For example, NetFoundry’s Zero Trust for MSPs and Zero Trust for MSSPs solutions are priced between $5 per user and $15 per user, whereas VDI is priced between $10 and $30.

Two: Stronger MSP and MSSP security.

Zero Trust helps ensure the MSP and MSSP will not be the next Kaseya type victim.

Three: Skyrocketing Zero Trust sales for the MSP and MSSP.

Demand for Zero Trust is sky high but it can be complex.  Now, MSPs and MSSPs have an easy button.  After securing their own connections, eliminating VPNs and VDI, the MSP and MSSP can resell the same instant-on, software-only NetFoundry SaaS service to their customers for their customers other third party connections.

NetFoundry Zero Trust SaaS for MSPs and MSSPs – two options to close all your ports

The main problem with solutions like VPN, VDI and firewall is the outside world has network access to the MSP/MSSP (provider), and to the MSP/MSSP customer (business).  NetFoundry eliminates this access – both sides – the provider side and the business side close all inbound firewall ports!  This is true across all use cases and topologies (private, hybrid, cloud, multicloud) – no exceptions.

Because NetFoundry provides a Zero Trust Platform, made for MSPs and MSSPs, you get native, cloud-orchestrated multi-tenancy, controls and visibility.  All of your customers are managed from a single plane of glass.  That single pane of glass can be your existing management tools (leveraging the NetFoundry management API), or can be the NetFoundry Web Console (provided as part of the NetFoundry Zero Trust SaaS service and leveraging the same NetFoundry APIs).  There are two main ways to implement this zero trust paradigm: app-embedded or solution-integrated:

App-embedded Zero Trust

In this solution, the MSP or MSSP uses the NetFoundry Ziti SDKs to add some code to the MSP or MSSP agent or client software.  This code transforms the agent into a Zero Trust agent – the agent gains all the Zero Trust functions, as SaaS, and the business does not need to deploy anything.  The agent itself now has embedded Zero Trust. Critically, NetFoundry makes this simple.  For example, here is Zero Trust embedded into SSH.

Solution-integrated Zero Trust

This solution uses NetFoundry mobile agents, desktop agents, containers and/or VMs as the endpoints.  The endpoints provide all the Zero Trust functions, as SaaS, and the business does not need to deploy any infrastructure.  These agents (build on the SDKs described above) do embedded identity, authentication, authorization, encryption, least privileged access and app level microsegmentation.  Only policy-specified apps are optimized – for example, the agents may secure third-party connections, but may route Netflix towards the Internet (if that is the policy)

Helping your customer throughout the Zero Trust journey

Providing secure third party access as a Zero Trust services helps MSPs and MSSPs serve on of the most important needs which businesses have today.  However, it is just step one on the Zero Trust journey.  Your business will require your Zero Trust services along the entire journey.  NetFoundry is built to enable MSPs and MSSPs to provide Zero Trust services to your customers along this journey.

Because NetFoundry provides a platform which enables Zero Trust for any use case, and NetFoundry open sourced the underlying software, MSPs and MSSPs get ultimate assurances, and can provide the same to your customers while enabling their Zero Trust journey.  Your customers don’t know what they will be dealing with tomorrow – nobody does – NetFoundry enables you to not lock yourself or your customer into a corner with proprietary or closed solutions.

As you take your customer through the full Zero Trust journey, you will iteratively implement solutions such as:

+ Zero trust data security.  Make databases inaccessible from the networks – link listeners shut down.

+ Zero Trust cloud.  Replace VPN and MPLS cloud connections with Zero Trust.

+ Zero Trust IoT.  Ensure OT and IoT environments are logically air gapped.

+ Full Zero Trust.  Completely eliminate the WAN.

Click the Banner to Start Delivering Zero Trust Services to your customers today

CTA briefing

Additional Resources

Web: Becoming a Zero Trust provider
NetFoundry Blog:
Twitter: @NetFoundry

Discuss On: