Connect
Why Traditional Network Security Models Inflate MSP Costs While Delivering Less Value
The economics of network security have flipped. For 20 years, MSPs built security strategies for the perimeter: firewalls, VPNs, and network segmentation. This model worked when applications stayed in data centers and employees worked from offices.
Today, that world no longer exists.
According to Verizon’s 2025 Data Breach Investigations Report, 22% of breaches started with stolen or compromised credentials. This makes them the top initial attack vector. In total, 60% of breaches involved human factors, credential misuse, errors, or social engineering. For web apps, 88% of breaches used stolen credentials.
Perimeter security is all but obsolete. An expensive perimeter defense protects against threats that no longer dominate. For MSPs, this model increases both costs and opportunity loss. This article explores a proven alternative to perimeter security. It’s an approach that improves your security posture and saves you money.
The Hidden Cost Structure of Perimeter Defense
Managing a 500-seat client with legacy tools leads to major financial drag:
- Infrastructure Costs: Next-gen firewall services cost $300–$450 per month. A client with three sites may pay up to $1,350 monthly for firewalls alone.
- VPN Overhead: Supporting 200 employees with VPN can cost $283,300 per year, including breach risks and management time.
- Productivity Loss: Remote workers lose about 15 minutes each day to VPN issues. MSPs then face a steady stream of support tickets.
- Operational Complexity: MSPs spend 15–20 hours each month per client managing firewalls. Every new app or remote request adds more work.
Not only is it expensive, but the attackers have moved on. They’re not breaching networks at the edge, they’re exploiting identity.
Ransomware appeared in 44% of breaches in 2025, rising from 32% the year before. Attackers steal credentials, log in like legitimate users, and move laterally across systems. Traditional perimeter defenses never detect them because in their eyes they behave like regular users.
MSPs continue to spend heavily on firewalls, yet those tools only address about 20% of modern threats.
Zero Trust: A Smarter Economic Model
Zero Trust Network Access (ZTNA) changes the equation. It assumes breaches will happen and verifies every access request.
The business case for ZTNA rests on four core benefits:
- Eliminates VPN Costs: Gartner forecasts that 70% of new remote access projects will use ZTNA by 2025. Moving a 500-seat organization to ZTNA can save $400,000–$500,000 per year.
- Enables Faster Breach Detection: Companies using Zero Trust frameworks save an average of $3.8 million per breach.
- Simplifies Operations: MSPs report 40–60% fewer access-related support tickets after adopting ZTNA.
- Implements Least-Privilege Access: ZTNA limits access at the application level. Even if attackers steal credentials, they only reach a small slice of the environment.
How to Transition to Identity-First Security
Moving to Zero Trust isn’t a rip-and-replace project. It’s a phased, strategic rollout:
- Start with Cloud Apps: Use ZTNA for new applications to avoid disrupting current workflows.
- Migrate Remote Workers Gradually: Transition users in batches to manage change smoothly.
- Extend to On-Prem Apps: Connect legacy systems and reduce VPN reliance.
- Decommission VPNs: Retire outdated infrastructure and unlock full savings.
The Bottom Line
MSP margins face mounting pressure. The average security stack now includes 76 products. Continuing to pour money into perimeter defense while identity-based threats rise is a losing bet.
Identity is the new perimeter. Build an identity-first security architecture that delivers stronger protection, and stronger margins. It starts with two words: Zero Trust.
If you’re unsure where to start, or have found your Zero Trust initiatives stalling, get yourself a copy of The Zero Trust Playbook You’ve Been Waiting For. This guide will help you develop an understanding of what complete Zero Trust coverage looks like. It provides ideas about what it takes to get there, and how to scale your program without letting complexity stall your progress.
Are your Zero Trust initiatives stalled?
Find out what it takes to keep momentum going and bring Zero Trust to everyone and everything.
