Trust is a delicate thing — and in the world of IT security, trust is everything.
This means that as technology changes rapidly, so must our approach to the granting of trust.
The most popular current approach, in fact, advocates against granting any trust at all, at least initially.
It’s called the Zero-Trust principle and it can be a life-saver for managed service providers (MSPs) overseeing SaaS security in these cloud-centric times.
As modern enterprise environments become a series of interconnected segments, SaaS stacks, and infrastructure that includes remote devices and mobile environments, the traditional method of trusting devices within an organization’s IT perimeter no longer fits the bill.
This new paradigm requires that no device be trusted by default, even one that is connected to a managed network or was previously verified as trustworthy.
Yes, zero trust means zero trust.
But of course, trust cannot be withheld indefinitely. The zero-trust approach calls for rigorous mutual authentication, device validation regardless of location, and the provision of access to applications and services based on the confidence of both device and user identity. So zero-trust actually means trust that’s hard-earned.
MSPs can zero-in on zero trust
While the principle of zero-trust evolved to meet the needs of massive enterprises, it has become increasingly valuable even for the average MSP of today. The benefits of the zero-trust model for MSPs include enhanced protection of customer data, reduced complexity of the security stack, and reduced need to hire security professionals.
Still, no model is perfect and zero-trust has its shortcomings, chiefly in how it can create roadblocks that are detrimental to running managed services effectively. An MSP’s customers can become resistant to adopting an approach that may strike them as unnecessarily extreme.
So how can zero-trust selectively help? Here are three things MSPs can do that will protect both customers and an MSP’s business without derailing operations.
1. Multifactor Authentication. Passwords are great but very often they alone are not enough. Multifactor authentication (MFA) is the security approach that requires multiple methods of authentication to verify a user’s identity for login or transactions. MFA should combine two or more types of credentials, including for instance what the user knows (e.g., a password), what the user has (e.g., a security token), and what the user is (e.g., assigned role or access level).
All by itself, MFA can protect MSPs and their customers against 99% of security breaches and, as a bonus, it’s actually a much easier model to operate compared to single authentication.
2. Least Privilege Access. The safeguarding principle called Least Privilege Access (LPA) holds that if each user in a system is given only the level of access needed to complete assigned tasks, the possibility for both innocent human error and devious cyber attacks is greatly reduced.
As we outlined in another recent blog post, the absence of LPA protocols can open the door to nightmare scenarios such as private files made public through administrator error, increased damage from phishing attacks and installation of malicious code, and even access by hackers who can find ways to escalate their own privileges and do untold damage within an IT environment.
3. Security Policies. Even in the IT world, blunt instruments like security policies can be highly effective. These out-of-the-gate defaults embody the zero-trust philosophy by blocking particular IPs, or countries, or even forms of data sharing.
Policy creation and application can of course vary greatly across organizations but can include a wide range of areas such as access control, data classification, encryption, remote access, acceptable use, malicious code protection, physical security, backups, employee on/offboarding, and more.
Putting it all into practice
If zero-trust methods are increasingly attractive to MSPs, then a SaaS management platform that easily accommodates the provisions mentioned above is becoming a necessity for today and tomorrow. MSPs who work with Augmentt will find that our platform was designed to apply zero-trust methods on many fronts with quick and easy automation.
Augmentt lets MSPs offer multifactor authentication by leveraging the Google Authenticator app. When users log in, Authenticator generates a six- to eight-digit one-time password that users must enter in addition to their usual login details.
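How a login service can check the one-time password described above, as an added example that is not Augmentt's code: it implements the time-based one-time password algorithm (RFC 6238, HMAC-SHA1) that authenticator apps such as Google Authenticator use, with a one-step clock-drift window, constant-time comparison and replay rejection. The shared secret is the RFC 6238 test secret, and the `verify` helper and its parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# RFC 6238 Appendix B test secret (sample value; real secrets are random per user).
RFC_SECRET = b"12345678901234567890"


def totp(secret: bytes, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """Return the RFC 6238 code for the time step that contains unix_time."""
    if not 6 <= digits <= 8:
        raise ValueError("digits must be 6, 7 or 8")
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify(secret, submitted, unix_time, last_step=-1, digits=6, step=30, drift=1):
    """Return the time step the code matched, or None if it is rejected.

    drift     -- steps of clock skew tolerated on either side of "now"
    last_step -- newest step already accepted for this user; a code for that
                 step or an older one is refused so it cannot be replayed
    """
    if len(submitted) != digits or not (submitted.isascii() and submitted.isdigit()):
        return None
    current = unix_time // step
    matched = None
    # Check every candidate step so timing does not reveal which one matched.
    for candidate in range(current - drift, current + drift + 1):
        expected = totp(secret, candidate * step, digits, step)
        if hmac.compare_digest(expected, submitted) and candidate > last_step:
            matched = candidate
    return matched


if __name__ == "__main__":
    code = totp(RFC_SECRET, 59)
    print("code at t=59:", code)
    step_used = verify(RFC_SECRET, code, 59)
    print("first use accepted at step", step_used)
    print("replay:", verify(RFC_SECRET, code, 59, last_step=step_used))
```

The caller stores the returned step per user and passes it back as `last_step` on the next login attempt.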
And because it was designed with a transparent access management model, Augmentt Engage easily lets MSPs adopt LPA for all users across multiple applications. MSPs can seamlessly provide users with only the access level they require to get the job done, leading to far less exposure to the security risks and data breaches associated with overprovisioning.
While the old way of monitoring security settings across every application is a time-consuming task that’s applicable to many teams, Augmentt’s centralizing benefit gives MSPs the ability to conduct periodic audits from one screen to help ensure that security settings match organizational policies. This creates a high degree of confidence that a customer’s sensitive software and accounts are protected.
In a time when IT trust can be a little bit harder to earn, SaaS management platforms like Augmentt can make zero-trust a whole lot easier to automate, monitor, and manage.