Remote Work Pushes MSSPs to ‘Display Agility’ as VPNs Pose Risk

Organizations around the world continue to support remote work as COVID-19 proves it’s not dissipating any time soon. Managed security service providers remain on the front lines of protecting these customers. And one of the access methods to scrutinize for security gaps is the VPNs that connect to cloud applications. Between ever-savvier hackers and employees who either are unaware or inattentive, VPNs pose a bigger security risk than ever. Some of the common areas to assess for weakness include:

Thales’ Francois Lasnier

Channel Futures recently caught up with Francois Lasnier, vice president of access management at Paris-based Thales’ cloud protection and licensing business line, to talk a bit more about what else MSSPs might need to consider about VPNs.

Channel Futures: What unique approaches are you seeing MSPs/MSSPs take when it comes to this issue of leaky VPNs, especially as they have helped customers suddenly shift to remote work?

Francois Lasnier: For many years, MSPs/MSSPs have built bundled services that integrate elements of network access via VPN, network security and access security such as multifactor authentication into their offerings. These bundled solutions may be delivered from the MSP’s own data center, or rely on white-labeling of third party cloud services. And in the majority of cases, it’s a combination of both.

Over the past few months, as organizations moved to remote working en masse, MSPs have had to display agility in order to keep up with customer demand. From an infrastructure perspective, many MSPs would most likely have had to significantly upgrade the capabilities of their on-premises VPN infrastructure to meet increased demand, which must have been very challenging in the midst of an emergency.

On the other hand, MSPs that rely on cloud services and integrate third-party cloud services into their offerings were in a much better position to more easily expand supply in order to meet the surge in demand for remote access. This is especially true of MSPs who already had cloud-based access management solutions in place.

As an increasing number of remote users accessed cloud services directly and not necessarily through the MSP’s VPN, those MSPs with access management offers were able to offer additional security services to their customers in the form of cloud-based access management and cloud-based authentication for cloud services. By enabling secure remote access directly at the cloud access point and via the more traditional VPN, these MSPs were ultimately less reliant on their on-premises VPN infrastructure, and less at risk of system overload when meeting increased customer demand.

CF: What guidance might you share with MSPs/MSSPs still tackling VPN problems on behalf of their customers supporting remote employees?

FL: VPNs have been very effective in offering remote access in perimeter security models, where users have to log onto the corporate network in order to gain access to their apps and services. As we’ve seen by the massive move to remote working, this model is no longer viable. MSPs who want to remain relevant need to expand their offering to include secure remote access via cloud-based access management, authentication and single sign-on services. By so doing, they will be able to expand their footprint within their customer base, and offer a broader range of services to organizations who are seeking to move to the cloud securely.

CF: Any thoughts to add as they relate to VPNs, remote work and MSPs/MSSPs?

FL: Large end-customer organizations are increasingly relying on MSPs to manage their IT environments. Therefore, MSPs and MSSPs are in a unique position to take advantage of the move from perimeter networking to distributed computing models. By moving to the cloud and expanding their offerings to include cloud-based security services, they will be able to grow their business and act as trusted partners for their customers.