¶ Overview
Exium’s SASE solution empowers Managed Service Providers (MSPs) to deliver tailored security controls across various industry verticals by setting up multi-tier security policies and rules. These policies are orchestrated at different hierarchical levels, providing granular control and adaptability to meet specific use case requirements. The multi-tier security policies and rules can include:
| Web categories access controls | Threat intelligence feeds integration | Blocking of malicious, ad, and tracking domains | Domain and IP-based rules | Geo-fencing policies for location-based restrictions | Time-based policies for access during specific periods |
|---|
¶ Tailored Security Controls Across Hierarchical Levels
¶ Multi-Tier Security Policies
Exium’s platform allows MSPs to establish security policies across several levels as shown in the figure below:
|
MSP Partner Level |
Client Tenant Level |
Group or Site Level |
User/Device Level |
|---|---|---|---|
| Define overarching security policies and rules that apply to all client tenants. | Tailor these policies to the unique needs of each client. MSPs can propagate MSP-level policies down to the tenant level effortlessly, ensuring consistency and ease of management. | Fine-tune security by applying specific rules to particular business units or physical locations, adapting to the unique operational requirements of each group or site. | Implement individual security controls based on user roles or device types, allowing personalized security measures that cater to distinct access needs. |
¶ Precedence of Policies
The hierarchy for policy execution, from lowest to highest precedence, ensures that more specific rules override broader ones:
- MSP Partner Level: Baseline policies applicable across the entire MSP client base
- Client Tenant Level: Customized tenant policies
- Group or Site Level: Policies targeting specific groups or sites
- User Level: Individualized user-specific policies
This structure allows for flexibility and precise rule enforcement that addresses the unique demands of different industries and client types.
¶ Seamless Policy Management for MSPs
By designing an intuitive interface for managing these policies, Exium enables MSPs to establish and manage complex security frameworks with a single click. This efficiency reduces administrative overhead while maintaining robust security postures across client environments.
¶ MSP Partner Level Policy Management:
- Navigate to the MSP admin console
- Click on “Zero Trust Policies”
- Select and enable Baseline policies that you can later apply to your client base
¶ Client Tenant (Workspace) Level Policy Management:
- Apply the baseline policies you've configured to your entire client base or to specific clients, as illustrated in the screenshot below.
- Customize tenant-specific policies further, as outlined in the following steps. Changes made at the tenant level will take precedence over the MSP partner level policies.
¶ Group (and User) Level Policy Management:
- Navigate to the MSP admin console : Go to "Companies" and select the desired company name, or access the Customer/ Client Workspace Sign In directly.
- Click on “Zero Trust Policies” in the menu.
- To define new rules, click on “Rules” and then select “Add Rule.”
- Choose and enable policies for the entire tenant (workspace) or for a specific group.
- If you have not yet created or imported user groups into the tenant workspace, click on “Users and Devices,” then select “Groups,” and click on “Add User Group.”
For comprehensive instructions on configuring policies at the workspace, group, and user levels, please refer to the documents: "Web and SaaS Security" and "Zero Trust Network Access Control for Private Applications."
¶ Site (or Gateway) Level Local Policy Management:
- Access the MSP admin console: Navigate to "Companies" and select the desired company name, or go directly to the Customer/ Client Workspace Sign In.
- Click on “Sites” and then select “Local Policies.”
- Be aware that any changes made at the site level will take precedence over MSP partner level and tenant (workspace) level policies.
- Additionally, you can configure and define policies specific to the sites (gateways), including options such as “Port Forwarding” and “DHCP Leases.”
¶ Policy View
The multi-tier and multi-policy capabilities offer powerful, granular control over access and security for users, devices, and sites. However, their interactions can be complex, which is where the policy view proves useful.
Accessing Policy View:
- Navigate to the MSP admin console .
- Go to "Companies" and click on the desired company name, or directly access the Customer/ Client Workspace Sign In.
Navigating Policy View:
- Select "Users and Devices" and then click on "Policy view."
Viewing Policies:
- Choose either "User View" or "Group View" at the top to see the precedence of policies applied to specific users or groups.
Detailed User View:
- Under "User View," you can examine policies for individual users and site/gateways.
- Select a user or a site (gateway) to see the order of policy precedence.
¶ Conclusion
Exium’s SASE solution offers MSPs unparalleled ability to tailor security controls to meet the diverse needs of various industry verticals. Through a hierarchical setup of multi-tier security policies, Exium provides a scalable and manageable approach to enforce comprehensive, customizable, and effective security measures. By leveraging this solution, MSPs can enhance their service offerings, providing clients with adaptive and robust security infrastructures tailored to their unique operational landscapes.
To learn more about implementing SASE, XDR, IAM/ MFA, and GRC for your organization and explore tailored solutions that meet your unique requirements, contact Exium at partners@exium.net for a consultation or demonstration. If you are ready to get started, check out our testing and onboarding process.