Traditionally all business cybersecurity resources go to defending the network perimeter against external attacks. However, the adoption of the cloud, coupled with remote working and the influx of user devices has completely changed the network perimeter, and cyber criminals have recognised this.
While firewalls and intrusion detection systems certainly play an important role in protecting a business against cyber-attacks, they fail to adequately protect against internal threats and breaches, a vector that is increasingly being exploited by threat actors with internal threat incidents increasing by 44 per cent over the last two years.
Zero Trust Access can be summarised as ‘never trust, always verify’. It is not one packaged-up solution, but a set of principles that command that all users, whether in or outside the organisation’s network, are continuously authenticated, authorised, and validated. By treating the network as always hostile, poor employee security, credential attacks, and internal breaches can all be mitigated. This is according to Daniel Hurel, VP Cyber Security & Next Gen Solutions, Westcon EMEA.
Zero Trust Access and the channel
If Zero Trust Access can help deliver on robust security, why doesn’t every organisation implement it? While many organisations see the value in implementing a Zero Trust Access strategy, a recent survey revealed only 21 per cent of businesses have adopted it as a foundational model across their enterprise, making the issue implementation, not awareness.
This gap can be largely attributed to the perception that moving to Zero Trust Access will require extensive changes. Overhauling how a business thinks about cybersecurity at the core can seem an overwhelming and slightly excessive task.
For the channel, as a huge source of valuable data, ensuring robust security is critical. MSPs can play a central role in converting those remaining organisations and supporting the channel’s overall move to this strategy. Regardless of how far along the adoption of Zero Trust Access an organisation is, MSPs can accelerate and streamline the remaining steps, reducing the pressure on internal security teams.
How can MSPs support channel businesses in adopting Zero Trust Access?
One hurdle which many businesses may come up against is securing buy-in for a new security strategy. As an expert in security, MSPs are poised to support the buy-in stage and outline the future ROI that committing to an organisational shift in security can bring.
Once engaged, an MSP partner can audit the organisation’s existing policies and infrastructure, gaining a better understanding of its future needs. Insights into how cybersecurity is understood in the business, current weaknesses, potential attack vectors, and areas for improvement make up the basis for a successful security strategy. For one organisation, identity may be the overriding issue, whereas apps may be the problem for another - from here, the MSP can narrow down and recommend which combination of cybersecurity tools would best serve the company. With extensive partner relationships, MSPs can consider a huge range of global vendors, ensuring a personalised experience.
As the Zero Trust Access plan is carried out, MSPs continue to play the crucial role of a trusted adviser to the organisation. For SMEs, which typically struggle to allocate a substantial amount of money to security and may lack a dedicated internal team, an MSP partner can provide ongoing, outsourced technical support. For all customers, ongoing monitoring and maintenance of security systems can be managed without disruption to users.
A Zero Trust Access future
In recent years, many advances have been made in cybersecurity technology making Zero Trust Access much easier to implement. Nevertheless, converting decision-makers, reducing complexity, and understanding the mixture of tools suited to your organisation are not always easy. As network perimeters continue to dissolve and remote working becomes the new normal, Zero Trust Access has become imperative to keeping the channel secure and the availability of MSP support can make the shift to this much simpler.