惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
Secure Thoughts
Recent Commits to openclaw:main
Recent Commits to openclaw:main
H
Heimdal Security Blog
SecWiki News
SecWiki News
H
Hacker News: Front Page
N
News | PayPal Newsroom
L
LINUX DO - 最新话题
N
News and Events Feed by Topic
TaoSecurity Blog
TaoSecurity Blog
AI
AI
C
Cybersecurity and Infrastructure Security Agency CISA
Scott Helme
Scott Helme
PCI Perspectives
PCI Perspectives
S
Securelist
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Cyberwarzone
Cyberwarzone
A
Arctic Wolf
Forbes - Security
Forbes - Security
T
Tor Project blog
Spread Privacy
Spread Privacy
WordPress大学
WordPress大学
I
Intezer
Martin Fowler
Martin Fowler
Help Net Security
Help Net Security
P
Proofpoint News Feed
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Cisco Talos Blog
Cisco Talos Blog
Latest news
Latest news
博客园 - 司徒正美
W
WeLiveSecurity
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
V
V2EX
P
Palo Alto Networks Blog
Google DeepMind News
Google DeepMind News
IT之家
IT之家
阮一峰的网络日志
阮一峰的网络日志
V
Vulnerabilities – Threatpost
Jina AI
Jina AI
S
Security Affairs
Hacker News - Newest:
Hacker News - Newest: "LLM"
Simon Willison's Weblog
Simon Willison's Weblog
Project Zero
Project Zero
T
Threatpost
P
Privacy International News Feed
人人都是产品经理
人人都是产品经理
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Application and Cybersecurity Blog
Application and Cybersecurity Blog
博客园 - Franky
Hugging Face - Blog
Hugging Face - Blog
Apple Machine Learning Research
Apple Machine Learning Research

The Duo Blog

Active Directory security: how to stop modern threats | Cisco Duo Duo + PlainID: Dynamic Authorization Meets Enterprise Identity | Cisco Duo Continuous identity security explained | Cisco Duo Salesforce The modern MFA toolkit: push, biometrics, and security keys | Cisco Duo Cisco Duo Identity Summit Preview | Cisco Duo Duo Brings Identity and Authorization Across AI Agent Gateways | Cisco Duo Passwordless for Microsoft 365 starts with federation Custom Admin Roles: Granular control for every Duo admin Token theft, vendor abuse, and the new identity threat surface How Duo Directory automates user lifecycle management Cisco Systems Named a Customers’ Choice in Gartner Peer Insights™ 2026 Voice of the Customer for Access Management Identity provider resilience: backup and split IdP approaches | Cisco Duo Agentic AI Security: Three Threats Your Team Should Know | Cisco Duo Secure client access at scale with Duo and Meraki | Cisco Duo IdP Concentration Risk: Why Single-IdP Dependency Puts You at Risk | Cisco Duo Endpoint Management as an Attack Vector: Lessons from Stryker | Cisco Duo Passwordless authentication without cookies: Duo Push updates Introducing Duo Agentic Identity Solving the double prompt: Better UX with AMR in Duo SSO Simplify compliance with MFA, device trust, and policies Cisco Systems Named a Customers’ Choice in Gartner® Peer Insights™ 2026 Voice of the Customer for User Authentication The Hitchhiker’s Guide to Shibboleth Launching Active Directory Defense: Strengthen On-Prem AD Security | Duo Security Industry specific IAM for MSPs Duo delivers: 99.99% uptime SLA for every customer
Why identity-led security matters for MSPs right now
Janet Ho · 2026-02-24 · via The Duo Blog

Product & Engineering

Why identity-led security services matter now for MSPs

Headshot of Janet Ho, Duo Product Team

6 minute read

When was the last time a customer asked, “What security changes should we be planning for in the next 6–12 months?” or “What are our biggest IT risks, and how are you proactively addressing them?”

Those questions are coming up more often, not because customers suddenly became security experts, but because security incidents are constantly in the news. Buyers are more informed, and threats are more visible.

Security conversations aren’t just about uptime; buyers want to understand where they’re exposed and how they are being protected. With phishing and access-based attacks among the most common ways breaches start, identity risk is no longer something MSPs can leave vague. More buyers are evaluating partners based on how well they can explain and manage threats, not just keep systems running.

Get the guide to start building identity-led services for MSPs

If this shift is starting to show up in your customer conversations, we put together a Duo IAM Service Creation Guide for MSPs to help you evaluate identity-led security as a service. We’ll show you how to assess demand, size the opportunity, and build a business case before committing to a new offering. This post highlights why identity is becoming a growth lever; the guide helps you decide if and how it fits your business.

Get the free interactive guide now Service Creation Guide

Core IT services still matter, but they’re also increasingly commoditized and tough to differentiate. At the same time, hardware management can squeeze margins once labor, support, and operational overhead are factored in. This reality is pushing MSPs to look beyond the basics and focus on services that can drive growth.

These shifts are shaping where MSP growth is coming from next. They help explain why identity-led security is becoming a practical growth path and why it builds naturally on what MSPs already do well. Let’s dig deeper.

1. Security has become a business priority, not an add-on

Downtime, insurance premiums, regulatory exposure, and reputational damage have all raised the bar; good enough security just doesn’t cut it anymore. In many cases, a single incident can materially disrupt or even shut down a business. Customers know this now and are more willing to pay upfront to reduce risk than pay far more for recovery.

For MSPs, this creates a real opportunity. The providers seeing momentum aren’t replacing IT services, they’re layering security on top of them. In fact, MSPs earning net profit margins of 15% or more ranked security among their top three revenue streams.

2. Identity is the new growth engine

The attack surface has changed.

Roughly 60% of breaches now involve identity in some form. Stolen credentials, access misuse, social engineering, and compromised authentication paths are the most common entry points for attackers. It’s not an area MSPs can ignore anymore.

When apps lived on premises and most people worked from the office, security teams had decent visibility into network traffic. But once applications moved to the cloud and people started working from everywhere, who was asking for access mattered more than the networking they were coming from. But many security tools were never designed for that world.

Network and endpoint tools can tell you where access originates and what device is in use, but not whether the user behind that access should be trusted, or whether that trust still holds as conditions change.

This is where many traditional Identity and Access Management (IAM) solutions begin to fall short. They were built for a static, perimeter‑based world: log in once, apply basic rules, and move on. They are often complex to deploy, expensive to maintain, and they don’t adapt quickly to modern identity‑driven threats. Security is often added after the fact, rather than built in from the start.

Modern IAM looks different today. It doesn’t just check identity once and move on, it keeps evaluating trust as users access apps, using phishing‑resistant MFA and passwordless access with continuous, context‑aware policies to decide what’s allowed. That means phishing and stolen credentials get stopped early and access adjusts as things change. This is where Cisco Duo solutions come in: secure by default, easy to deploy, and free from heavy infrastructure, while still delivering a world‑class user experience for both end users and MSPs.

3. Identity and network must work together to close security gaps

Security breaks down when identity, devices, and networks operate in silos. Even strong authentication loses value if access decisions don’t adapt to changing conditions, device trust, network trust, or session risk changes. A login that was safe minutes ago or even hours ago might not be safe after a network change or if the device’s software posture changes.

That’s why modern access can’t be a one-and-done decision anymore. By bringing identity and network signals together under a shared policy model, access decisions can answer: Is this still the right user, on a trusted device, from a safe environment? For MSPs, this matters because customers increasingly expect security to adapt in real time, not relying on one-time checks.

Turning opportunity into a service

The takeaway isn’t that MSPs need to abandon what already works. Core IT services will always matter. But the market around them is changing. Identity-led security sits naturally on top of the IT services MSPs already deliver, and it helps you answer questions about threats and how you’re protecting your customers. It’s not a rip and replace strategy; it’s an evolution. One that creates room for stronger differentiation, deeper customer trust, and more durable growth.

I hope this has sparked some curiosity about where identity-led security might fit into what you already do, and whether it’s worth building a business case. Our team is happy to help you through this journey. The Duo MSP program is built to make things easier as you grow. Pricing is simple and pay‑as‑you‑go, with no complicated tiers or minimums to worry about. You’ll be working with a leading IAM platform with award-winning MFA, backed by dedicated partner managers, access to extensive documentation, and NFR licenses so you can test, learn, and build before rolling anything out. Sign up on the Duo MSP page or reach out to msp@cisco.com to start your Duo MSP partnership today.