“Zero Trust” has become one of the security industry’s most widely used term and is often misused by certain companies. Today, countless companies claim to offer Zero Trust solutions, but when you look deeper, many fall short of the core principles that define this old-standard security approach. Some limit zero trust to multi-factor authentication, while others focus only on network segmentation or restricted access policies.
At its core, Zero Trust means that no person, device, or system is inherently trusted. This means that every action, connection, and command must be continuously authenticated, authorized, and validated. This model is critical for remote monitoring and management (RMM) and SaaS tools that have the potential to impact entire organizations if compromised by a security breach.
With this in mind, LogMeIn Resolve has taken an aggressive approach with Zero Trust security by embedding all the zero-trust foundational pillars across every architectural layer. Throughout the article, we’ll discuss what zero-trust security really means for organizations and how LogMeIn has set a new standard for advanced security in the RMM space.
So, what is zero trust security?Zero trust security operates on a stringent protocol of "trust nothing, verify everything." It recognizes that numerous entry points exist within an IT ecosystem, including traditional logins, software backdoors, and APIs (Application Programming Interfaces). Under zero trust security, any access to sensitive data or actions requires stringent verification, effectively thwarting potential threats from malicious actors.
For the first time, true zero trust is being effectively integrated into access control within SaaS (Software as a Service) RMM (remote monitoring and management) solutions. LogMeIn is at the forefront of this revolution with the introduction of LogMeIn Resolve, a comprehensive IT management tool. Here's why this is a game changer.
Why zero trust access control is 100% important today
- Access to remote endpoints and data is mission-critical for businesses, making remote access an attractive target.
Actions related to remote access and execution (or IT automation) are high-value targets for malicious actors, especially given the level of “silent" access they provide to a company’s endpoints. Zero trust applied to access control is a valuable tool to counter such threats. - Hybrid work means organizations are flexible-first, not office-centric.
Remote work has changed how and where work happens. IT teams must now support and secure a highly fluid workforce using multiple devices both on and off network. All of this IT complexity (and inconsistency) can open new vulnerabilities that malicious actors are increasingly seeking to exploit. In today's flexible work landscape, traditional, on-premises security measures no longer offer the best protection. - Cyberattacks are increasing in volume and sophistication.
Malicious actors have been busy. They are highly adaptive in their cyberattacks and are eagerly taking advantage of opportunities presented by evolving gaps in security. Cyberattacks like phishing and ransomware, both accelerating since the pandemic began, put personal and business data at risk. If that weren’t bad enough, supply chain attacks can cause catastrophic results for many companies, disrupt business continuity, and result in significant financial impact.
With the risk landscape expanding, the best and perhaps only response is to tighten security with tools like zero trust.
How LogMeIn Resolve’s Approach to Zero Trust Is Unique
As a first for SaaS solutions, LogMeIn is applying zero trust architecture to remote monitoring & management (RMM) access control. This secures remote access and remote execution across deployed hosts to counter malicious actors.
While some RMM solutions claim to have “zero trust security”, LogMeIn Resolve implements it in a way few competitors can match. By implementing the Zero Trust principles across all major architectural components, the system is protected against supply chain vulnerabilities and endpoint compromises. This innovative approach fortifies remote access security and execution across managed devices, effectively countering potential threats.
In LogMeIn Resolve’s approach to Zero Trust Security:
- The applet on a remote device accepts commands from authorized agents only.
- Agents must create and use a unique, individual signature key to reauthenticate sensitive tasks.
- This key is only known to the agent, not to LogMeIn, and cannot be compromised online.
- Even if a malicious actor hacks into the backend or phishes login credentials, the attacker cannot change or create new automations for endpoints without the signature key.
- Endpoints obey only their signed commands.
While traditional RMMs inherently trust their own cloud or backend servers and administrative users, in LogMeIn Resolve, endpoints remain inherently skeptical of privileged admin accounts, eliminating the risk of supply chain attacks.
Zero Trust Provides Safety from High-Profile Supply Chain Attacks
RMM providers have been subjected to continual cyber threats, and recent major incidents have shown the true damage this can cause without proper guardrails in place. Consider the SolarWinds Orion attack (2020) and the Kaseya VSA ransome incident (2021) that caused massive destruction to global businesses by leveraging trusted software updates and backend access.
| Attack / Vulnerability | Impacted Other RMM Platforms | LogMein Resolve Outcome |
|---|---|---|
| SolarWinds Orion Supply Chain (2020) | Backdoored software update, 18,000+ orgs, including U.S. gov agencies | Blocked by mandatory cryptographic command validation |
| Kaseya VSA Ransomware (2021) | Supply chain attack on RMM platform, affected 1,500+ MSPs, 1M+ endpoints | Blocked—only signed, validated commands allowed |
| BeyondTrust Command Injection (2024) | RMM vulnerability exploited for command execution | Prevented—blockchain signature check required |
| ConnectWise ScreenConnect Supply Chain (2024) | Mass attacker exploitation of software supply chain for remote access misuse. See our detailed analysis. | Immune: endpoints never trust backend/cloud alone; every action must pass blockchain-backed independent signature verification |
These kinds of attacks would not have succeeded in LogMeIn Resolve’s Zero Trust Architecture. LogMeIn Resolve is designed directly to prevent entire classes of supply chain, ransomware, and command injection attacks that have devastated the industry.
5 Steps on How to Implement Zero Trust Security
- Conduct an Initial Assessment
- Develop a Zero Trust Architecture
- Choose the Right Tools
- Implement Access Controls
- Monitor, Analyze, and Audit
The first step is always looking inside. Evaluate all your business's digital assets and identify areas you think need improved security. Doing this makes you aware of the status of your security and helps you understand where to focus on. You can check and analyze the access controls in place to pinpoint any security gaps in your system and use this data to guide your implementation of zero trust security.
Zero trust operates in a way that no one should be trusted and granted access by default. That's why applying zero trust principles in every area of your infrastructure strengthens the protection of all your network resources. A zero trust architecture ensures your security controls actively work across the board by implementing stringent authentication methods and continuously monitoring activities.
Go for tools and features that work well with your existing setup to avoid issues in the future. You will likely need Multifactor Authentication (MFA) or Single Sign-On (SSO) as part of your identity verification methods in zero trust security. It's also helpful to pick an expert provider of endpoint detection and response (EDR) systems, access control, network segmentation, and advanced threat analysis. This can help you assess your current infrastructure and guide you toward selecting tools that are proven effective.
You implement a zero trust access control by can breaking down your network into smaller, isolated sections (microsegmentation), each with its own set of security controls. Access within these sections is managed based on user roles and follows the principle of least privilege. Thus, users are granted only the access they need. An Access Control List (ACL) can help define and enforce the rules for who can access what within each isolated segment.
Implementing zero trust security is a continuous process that keeps your business ahead of potential threats. It involves monitoring your network traffic to spot any suspicious activity. You can also identify potential threats and respond to security incidents quickly with advanced analytics. Moreover, you need to conduct security audits to ensure your practices align with zero trust policies and can tackle emerging security challenges.
Gain peace of mind and protection from ever-increasing cyberattacks.
LogMeIn Resolve is architected and purpose-built to protect businesses and their managed devices from malicious actors and to provide supply chain vulnerability protection. It also helps IT professionals streamline their help desk by consolidating the IT management and support software with conversational ticketing in a single console so agents can oversee, respond, and fix issues from one place. Check out LogMeIn Resolve today.
