MSP Summit is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Implementing Zero Trust: What Partners Need to Know

By Edward Gately | October 4, 2021
zero trust

Zero trust increasingly is touted as the best method for organizations to keep cybercriminals out of their networks

Zero trust is a security framework requiring all users, whether inside or outside the organization's network, to be authenticated, authorized and continuously validated for security configuration and status before being granted or keeping access to applications and data.

Cybersecurity experts illustrate the benefits of zero trust at just about every security conference. In addition, they’re saying it’s a competitive advantage. If you don’t have it, you’re giving hackers an open invitation to attack.

However, there are a lot of questions and challenges associated with zero trust. Danny Jenkins, ThreatLocker’s CEO and founder, has the answers.

During his MSP Summit keynote, titled “Demystifying Zero Trust and Its Role in Cybersecurity,” Nov. 1, Jenkins will discuss how to adopt zero trust and the technologies channel partners need to take control of their environment in the fight against ransomware. The MSP Summit is co-located with the Channel Partners Conference & Expo, Nov. 1-4, in Las Vegas.

Jenkins said zero trust is the idea that security “should start with no trust, and allow by exception.”

“It is required in the federal government and recommended by analysts,” he told Channel Partners.

ThreatLocker's Danny Jenkins

The Biden administration’s policy arm, the Office of Management and Budget (OMB), and lead cybersecurity agency, the Cybersecurity and Infrastructure Security Agency (CISA), released zero-trust guidance for federal agencies last month. The OMB gave agencies until the end of September 2024 to meet five specific zero trust security goals.

Jenkins said implementing zero trust can be a difficult process. That's because it is more of a security concept than a standalone technology. It’s incorporated in many solutions that have to work together in an integrated fashion.

“There are tools that make it easier and viable for MSPs,” he said.

Zero trust does represent a growing opportunity for MSSPs and other cybersecurity providers, Jenkins said.

“More businesses are required to implement zero-trust frameworks for compliance, and it is heavily pushed by the government,” he said.

Implementing a zero-trust framework can involve various technologies, Jenkins said. Those can include privileged access management (PAM), whitelisting and ring-fencing.

Whitelisting is a cybersecurity strategy under which a user can only take actions on their computer that an administrator has explicitly allowed in advance. Segmenting high-value digital assets with ring-fencing policies isolates them from the broader IT infrastructure, reducing their exposure to threats from both inside and outside of an organization.

Jenkins said he hopes attendees leave his session with an understanding of the “different angles of the security triangle.” Those are confidentiality, integrity and availability.

Tags:
MSP Summit, cybersecurity