Zero-Trust Security is a Lucrative Opportunity for MSPs

Even before the abrupt shift to remote work in 2020, the old approach to network security was becoming outmoded. As more and more workers were on the move or working from home, the data center-centric approach that many firms took was no longer sufficient.

It was becoming clear that endpoint security had to be the new focus. Because those endpoints were getting more amorphous (company-owned and personal devices accessing data and applications from various secure and public wired and wireless networks), zero-trust strategies had to be implemented.

For MSPs, zero-trust technology must be a vital part of the security portfolio to keep client data, networks and applications safe and ensure future growth. According to Gartner, as much as 60% of VPNs will be replaced by zero-trust solutions by 2023. The VPN market is worth between $25 billion and $40 billion, so more than half of that could be up for grabs over the next few years.

The reason: A VPN checks credentials only once, which means a compromised endpoint device could wreak havoc in the network before anyone notices. Persistent access by unsecured devices can no longer be part of any company’s operating procedures.

“So, with zero-trust network access, the assumption is that you don’t trust any access request or connection before verifying it,” says Sinan Eren, one of the founders of Fyde, a zero-trust network access (ZTNA) specialist company that Barracuda recently acquired. “The old adage is ‘trust but verify,’ but it should be the other way around. You need to verify before you trust. Many of us are working from home, and that might end up being the new normal. So, we need to verify the user, the security posture of their devices and their network all the time.”

(You can read the full conversation with Eren here.)

As Eren points out, it’s impossible to know for sure that any endpoint user is secure because you can never know what kind of environment they’re operating within. You may not even be able to confirm the user’s identity.

An approach like the one taken by the combined Barracuda and Fyde solution automatically identifies potential policy violations, authenticates endpoint users and helps accelerate the response when there’s a problem. These solutions also place more heavy lifting at the endpoint instead of having traffic inspected in the cloud. This eliminates some of the latency problems that would otherwise be associated with performing authentication across the cloud.

The zero-trust approach focuses on verifying user identities, device access and services without making any assumptions. It also dramatically reduces risks from remote computing and application access.

Selling Zero-Trust Solutions

For MSPs, there’s a burgeoning market for these solutions, as well as additional sell-through opportunities with clients who purchase these solutions down the road. How can an MSP successfully integrate zero-trust into their security offerings?

1. Differentiate your zero-trust solutions. The market for these systems is crowded and expanding, which means clients will need help selecting the right combination of tools. Create tailored zero-trust solutions that can be targeted at specific vertical market segments and address your customers’ particular needs.
2. Vet your technology vendors. As with any security offering, it’s essential to engage in proper due diligence before you agree to sell a solution. Few vendors can provide an end-to-end system, so evaluate their claims thoroughly. Take a look at what they can do both in the cloud and on-premises, what partners they work with, how research firms rank them, and their financial situation.
3. Train and certify your team. Take advantage of vendor training and make sure your staff is comfortable with the solutions before selling or deploying them. Firms like Forrester also offer zero-trust certification programs, as do several online education sites.

Zero-trust solutions can provide MSPs’ clients with many significant benefits. Endpoint devices can be authenticated, access to critical systems can be limited to just users and devices with explicit permissions, and the network’s health can be continuously monitored, all via a centralized, easy-to-operate solution.

For security-centric MSPs looking to grow as we emerge from the global pandemic’s economic challenges, zero-trust represents a lucrative opportunity in a market that is clamoring for better security solutions to meet their rapidly evolving needs.

Chris Crellin is Senior Director of Product Management for Barracuda MSP, a provider of security and data protection solutions for managed services providers, where he is responsible for leading product strategy and management.

This guest blog is part of a Channel Futures sponsorship.