Trustworthy tips for applying Zero-Trust methods for managed services

Trust is a delicate thing — and in the world of IT security, trust is everything.

This means that as technology changes rapidly, so must our approach to the granting of trust.

The most current popular approach, in fact, advocates against granting any trust at all, at least initially.

It’s called the Zero-Trust principle and it can be a life-saver for managed service providers (MSPs) overseeing SaaS security in these cloud-centric times.

As modern enterprise environments become a series of interconnected segments, SaaS stacks, and infrastructure that includes remote devices and mobile environments, the traditional method of trusting devices within an organization’s IT perimeter no longer fits the bill.

This new paradigm necessitates that all devices, by default, should not be trusted, even those connected to a managed network or were previously verified as trustworthy.

Yes, zero trust means zero trust.

But of course, trust cannot be withheld indefinitely. The zero-trust approach calls for rigorous mutual authentication, device validation regardless of location, and the provision of access to applications and services based on the confidence of both device and user identity. So zero-trust actually means trust that’s hard-earned.

 

MSPs can zero-in on zero trust

While the principle of zero-trust evolved to meet the needs of massive enterprises, it has become increasingly valuable even for the average MSP of today. The benefits of the zero-trust model for MSPs include enhanced protection of customer data, reduced complexity of the security stack, and reduced need to hire security professionals.

Still, no model is perfect and zero-trust has its shortcomings, chiefly in how it can create roadblocks that are detrimental to running managed services effectively. An MSP’s customers can become resistant to adopting an approach that may strike them as unnecessarily extreme.

So how can zero-trust selectively help? Here are three things MSPs can do that will protect both customers and an MSP’s business without derailing operations.

 

1. Multifactor Authentication. Passwords are great but very often they alone are not enough. Multifactor authentication (MFA) is the security approach that requires multiple methods of authentication to verify a user’s identity for login or transactions. MFA should combine two or more types of credentials, including for instance what the user knows (e.g., a password), what the user has (e.g., a security token), and what the user is (e.g., assigned role or access level).

All by itself, MFA can protect MSPs and their customers against 99% of security breaches and, as a bonus, it’s actually a much easier model to operate compared to single authentication.

 

  1. Least Privilege Access. The safeguarding principle called Least Privilege Access (LPA) holds that if each user in a system is given only the level of access needed to complete assigned tasks, the possibility for both innocent human error and devious cyber attacks is greatly reduced.

As we outlined in another recent blog post, the absence of LPA protocols can open the door to nightmare scenarios such as private files made public through administrator error, increased damage from phishing attacks and installation of malicious code, and even access by hackers who can find ways to escalate their own privileges and do untold damage within an IT environment.

 

  1. Security Policies. Even in the IT world, blunt instruments like security policies can be highly effective. These out-of-the-gate defaults embody the zero-trust philosophy by blocking particular IPs, or countries, or even forms of data sharing.

Policy creation and application can of course vary greatly across organizations but can include a wide range of areas such as access control, data classification, encryption, remote access, acceptable use, malicious code protection, physical security, backups, employee on/offboarding, and more.

 

Putting it all into practice

If zero-trust methods are increasingly attractive to MSPs, then a SaaS management platform that easily accommodates the provisions mentioned above is becoming a necessity for today and tomorrow. MSPs who work with Augmentt will find that our platform was designed to apply zero-trust methods on many fronts with quick and easy automation.

Augmentt lets MSPs offer multifactor authentication by leveraging the Google Authenticator app. When users log in, Authenticator generates a six- to eight-digit one-time password that users must enter in addition to their usual login details.

And because it was designed with a transparent access management model, Augmentt Engage easily lets MSPs adopt LPA for all users across multiple applications. MSPs can seamlessly provide users with only the access level they require to get the job done, leading to far less exposure to the security risks and data breaches associated with overprovisioning.

While the old way of monitoring security settings across every application is a time-consuming task that’s applicable to many teams, Augmentt’s centralizing benefit gives MSPs the ability to conduct periodic audits from one screen to help ensure that security settings match organizational policies. This creates a high degree of confidence that a customer’s sensitive software and accounts are protected.

In a time when IT trust can be a little bit harder to earn, SaaS management platforms like Augmentt can make zero-trust a whole lot easier to automate, monitor, and manage.

Derik Belair

As President and CEO, Derik leads the vision, strategy and growth of Augmentt. Prior to founding Augmentt, Derik was the Vice President at SolarWinds, leading the digital marketing strategy for SolarWinds’ Cloud division. Derik has been working in the channel for over 20 years, starting his career as a channel sales rep at Corel Corp. and eventually becoming the first employee at N-able Technologies in April of 2000.
SUBSCRIBE for more resources
Related Content

Agent-based SaaS Discovery

    When it comes to Augmentt Discover, we believe in flexibility and power. Augmentt Discover can collect SaaS usage data using both an Agent and Agentless model. Here is a quick…
    Read

    Product Evaluation Guide

      Thank you for starting your Augmentt Product Evaluation and Trial   Here are a few resources that will help you through this technical process. Support Technical Support is available to…
      Read
      Augmentt is a centralized SaaS security platform built for MSPs to deliver scalable managed security services for Microsoft and cloud apps. Our multi-tenant platform gives you visibility across all your end-users to easily audit, protect and detect security threats for a holistic approach to cyber security.