January 11, 2023

Managed Service Providers (MSPs) are Living on the Edge

By Bill Welch

Managed service providers (MSPs) are living on the edge. Their customers keep redefining the perimeter, as organizations of all sizes increasingly depend on cloud applications and a hybrid or fully remote workforce.

Small and medium-sized businesses (SMBs) are benefitting from these advances, experiencing increased value from platforms that are software-driven and cloud-enabled. Organizations and their employees can experience new integrations and better productivity, no matter where they work.

However, there’s a serious flaw in this development: security. Many SMBs still depend on Virtual Private Networks (VPNs) to stay connected with their remote employees. Over the years VPNs have established a reliable track record of protecting users and corporate assets outside the corporate network. However, with their dependence on perimeter-based security approaches using onsite appliance-based firewalls, VPNs are no longer sufficiently secure for today’s on-the-go users and cloud SaaS workflows.

Rethinking VPNs

MSPs who are still using VPNs must rethink their methods. There are several reasons MSPs need to move to the most advanced technology available, which is Secure Access Service Edge (SASE), but it starts with better security.

Legacy VPN systems do a poor job of securing remote or hybrid workers, especially with so many applications moving to the cloud. Cyber criminals are keenly aware of this, which is why they increasingly target remote and hybrid workers who are typically working from home offices protected primarily by VPNs. In a recent industry survey, 87% of network, IT and security experts said they felt that hybrid work increased an organization’s attack surface.

Most or all SMB’s applications have moved to the cloud or will soon move. VPN appliance solutions predate this transition and were primarily designed to protect onsite corporate resources, applications, and corporate data for users outside the corporate network.

Once an SMB workflow becomes cloud-based, however, VPNs fall short in efficiently providing security without creating bottlenecks. VPN-based appliances are cumbersome and inefficient for cloud-based SaaS applications, which creates performance problems. When users are outside the office and the applications are in the cloud, it does not make sense to tie the overall security back to onsite firewall appliances. The firewall has limited hardware resources and the SMB internet link could be overburdened or inadequate. As a result, end users become frustrated with lag, which slows down business needlessly.

Perimeters and pandemics

Let’s catch our breath for a moment and revisit. How did we get here?

VPN technology first started back in the 1990s and so many things have changed since then. Much of the over-dependency on VPN solutions today dates to the Covid pandemic’s sudden onset in Q1 2020. Lockdowns were launched, and SMBs were forced to move to remote as employees hurriedly switched to full time work from home.

MSPs rushed to help customers move from a centralized, in-office model to a remote-based one. Strategic, long-term thinking was simply not an option in most cases, with many MSPs plugging in anything available to make these widespread users function ASAP.

The thinking at the time usually wasn’t, “Is this the best method?” Instead, it was about going with whatever was readily available to get businesses back up and running as quickly as possible, with everyone accepting the tradeoffs.

Today, both MSPs and their SMB clients have a different perspective. Fully remote or hybrid work is clearly here to stay, providing the opportunity to hit reset and look for a better way to protect remote and hybrid workers and the SMBs’ digital assets.

What is Secure Access Service Edge?

MSPs realize that they need a better approach to managing network access and maintaining security controls. Solutions like Datto Secure Edge represent the most evolved protection, providing MSPs with the cybersecurity technology known as Secure Access Service Edge (SASE).

Although both VPNs and SASE are designed to authenticate and provide secure access to remote users, they apply very different methods to do this. Unlike the VPN approach of using an onsite firewall, SASE combines several network security protocols into one cloud-based solution, contributing to a multi-layered security approach.

With Datto Secure Edge, for example, multiple features and tools are used. These include secure web gateway (SWG), Firewall as a Service (FWaaS), software-defined Wide Area Network (SD-WAN), and Zero Trust Network Access (ZTNA). High corporate security standards are maintained such as next-generation firewall protection, providing content filtering, application control, blocking web advertisements and tracking to stop web-based threats and related cyber risks.

The Datto Secure Edge system provides easy cloud deployment, can dynamically scale, and is cost-effective. These benefits are particularly important in helping MSPs to address some of the most important challenges currently facing the networking silo of their business.

One key problem is the MSP talent drain. Retaining skilled employees is already difficult and gets even harder once the MSP has trained them on high-end networking offerings like Palo Alto, Cisco, and VMware. Once these staffers are proficient in these solutions, they often get hired away to a larger enterprise. As a result, MSPs find they’ve trained an employee right into another job, leaving them short-handed on their next complex networking project.

The second networking obstacle that MSPs routinely face is the fragmented state of VPN technology. MSPs are dealing with a scattered landscape with dozens of available solutions, and in most cases they are piecing together three or four to connect SMBs with their remote employees across all their clients.

By streamlining their perimeter security with a SASE solution like Datto Secure Edge, MSPs can solve these problems. It standardizes the technology so that Level One techs don’t have to learn multiple appliance-based solutions – they only need to master a single system.

Because SASE is easy to deploy, cloud-based and highly scalable MSPs can confidently add seats and resources – without the worry of running out of hardware capacity or needing to manage the available Internet Service Provider (ISP) bandwidth or worry about cumbersome licensing. This makes it possible for MSPs to build up their networking business to serve SMBs’ remote workforces, all while improving security.

What is Zero Trust Network Access (ZTNA)?

The heart of Datto Secure Edge’s cyber security effectiveness is Zero Trust Network Access (ZTNA). This “trust but verify” approach is an efficient way to take on the increased risk of cyber threats.

Built-in content filtering is a key component of ZTNA, providing an additional security layer to manage web traffic and protect users, applications and data. Content filtering lowers a user’s risk profile by limiting which sites they can visit, such as social media sites like Facebook, which can tempt people into clicking through to ransomware.

Going beyond filtering, ZTNA helps ensure improved response times for the business-critical SaaS and web applications that often slow down with remote working. With Datto Secure Edge, traffic to these key productivity apps is prioritized to ensure their optimal performance. One example is voice calling, which is set at the top of the transmit queue to prevent voice packets from getting stuck behind a file and rendering it inaccessible.

More efficient for MSPs

Defending the edge has become front and center for MSPs. The innovations of SASE not only help MSPs to better protect their customers, but also their own bottom line with the increased efficiencies that come with moving on from VPNs.

Because it’s cloud native, Datto Secure Edge is quickly and easily deployed in minutes by an MSP. With the ability to connect to corporate firewalls and provide seamless security controls, it eliminates the need for MSP personnel to swap it in during an onsite visit – an unpopular assignment since this would typically be required during network downtime like nights, weekends or holidays. Available with Datto’s 24x7x365 dedicated support, Datto Secure Edge means MSPs can adopt SASE with total confidence.

Cybersecurity best practices are changing rapidly. MSPs who choose SASE can now retire the outdated architectures of VPNs and switch to a multi-layered solution that makes sense for today’s remote and hybrid workforce. For SMBs who need maximum protection for those living on the edge, Datto Secure Edge is the smart move.

To learn more about Datto Secure Edge, request a demo.

Suggested Next Reads

What Is Network Topology Mapping?

Network topology mapping is the process of visually documenting the physical and logical structure of a network.