Never Trust, Always Verify

How MSPs can address client concerns about third-party access. By Maurice Côté

As the IT landscape becomes increasingly complex and risky, a growing number of organizations are partnering with managed service providers. There are several valid—or make that vital—reasons why this is a smart decision. Yet despite significant advantages, some organizations are still hesitant to partner with an MSP, not because they fail to see the benefits, but because they are concerned about cybersecurity. Specifically, they are worried that their sensitive endpoints and networks could be accessible by MSP staff (employees and contractors).

Essentially, this apprehension is not “personal”; they don’t have an inherent fear of MSPs. After all, MSPs are the good guys/gals on the cybersecurity landscape! Rather, it is that some organizations are anxious about any scenario in which their endpoints and networks are accessible by any third party. And given the high-profile cyberattacks that have impacted MSPs recently, who could blame them?

Core Tools

MSPs that face this situation (and those that have not yet dealt with it almost certainly will in the months and years ahead) can alleviate these concerns by implementing a “never trust, always verify” approach in their clients’ infrastructure. This approach is rooted in four core tools:

  • Account Brokering. This allows authorized MSP staff to open a VPN client, launch a remote access protocol, or use a privileged account for certain operations—but without ever seeing credentials.  
  • Connection Manager. This assures clients that authorized MSP staff will never use a back door to access the environment, since passwords and credentials are controlled by the connection manager tool. And as a bonus, using a connection manager is also more efficient for MSPs.
  • Bastion Host Server. This opens a secure tunnel that prevents lateral movement within the network. As such, if bad actors breach an endpoint, they will not have unfettered access.   
  • Privileged Access Management (PAM) Solution. This triggers alerts and logs for accessing accounts, and supports advanced workflows where approval is granted prior to accessing a resource.    

In addition, MSPs should choose their remote connection solution wisely. For instance, some leading remote connection solutions have built-in account brokering functionality, which, as discussed above, increases both security and client peace of mind since credentials remain hidden.

This set of tools can be compared to a security team that offers “white glove” service by not only opening doors (i.e., enabling access for authorized individuals), but also tracking who accessed what, when, and for how long. This extensive visibility further assures clients that an MSP’s services are being provided in a highly secure and diligent manner. 
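The brokering, approval, and tracking described above can be shown in code. The following Python example is added here and is not from the article or any vendor's product; the AccessBroker class, the account names, the secret, and the timestamps are all constructed for illustration.

```python
import secrets


class AccessBroker:
    """Holds client credentials and opens sessions on a technician's behalf."""

    def __init__(self, connect, vault):
        self._connect = connect    # callable(resource, secret) that logs in to the target
        self._vault = dict(vault)  # resource -> secret; never returned to callers
        self._approved = set()     # (technician, resource) pairs awaiting use
        self._open = {}            # session handle -> (technician, resource, start)
        self.audit = []            # append-only record of every decision

    def _log(self, event, technician, resource, at, **extra):
        self.audit.append({"event": event, "technician": technician,
                           "resource": resource, "at": at, **extra})

    def approve(self, approver, technician, resource, at):
        self._approved.add((technician, resource))
        self._log("approved", technician, resource, at, approver=approver)

    def open_session(self, technician, resource, at):
        if (technician, resource) not in self._approved:
            self._log("denied", technician, resource, at)
            raise PermissionError(f"{technician} has no approval for {resource}")
        self._approved.discard((technician, resource))  # one approval, one session
        self._connect(resource, self._vault[resource])  # secret goes to the target only
        handle = secrets.token_urlsafe(16)
        self._open[handle] = (technician, resource, at)
        self._log("opened", technician, resource, at)
        return handle                                   # opaque; reveals no credential

    def close_session(self, handle, at):
        technician, resource, start = self._open.pop(handle)
        self._log("closed", technician, resource, at, seconds=at - start)


def demo():
    """Constructed scenario: names, secret and timestamps are sample values."""
    seen_by_target = []
    broker = AccessBroker(lambda res, sec: seen_by_target.append((res, sec)),
                          {"client-dc01": "sample-secret"})
    try:
        broker.open_session("alice@msp", "client-dc01", at=100)  # no approval yet
    except PermissionError:
        pass
    broker.approve("it-lead@client", "alice@msp", "client-dc01", at=110)
    handle = broker.open_session("alice@msp", "client-dc01", at=120)
    broker.close_session(handle, at=420)
    return handle, seen_by_target, broker.audit
```

The audit list returned by demo() records the denied attempt, the client's approval, and the session's start and duration, while the technician only ever holds the opaque handle.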

The Bottom Line

As long as there are endpoints and networks, there will be hackers who try to breach them. That is the bad news. But the good news is MSPs that use these tools to implement a “never trust, always verify” approach significantly reduce their clients’ exposure and vulnerability to unauthorized third-party access. This is a win for organizations that clearly—and in many cases urgently—need to avail themselves of the critical services and solutions offered by MSPs. And it is a win for MSPs that expand their client base and enhance their impact.

MAURICE CÔTÉ is vice president of business solutions at Devolutions, a provider of best-in-class privileged access management, password management, and remote connection management solutions to ALL organizations—including SMBs.
