TL;DR: Perimeter security no longer matches the dominant breach path: Verizon’s 2025 DBIR says 22% of breaches start with stolen or compromised credentials, 60% involve human factors, and 88% of web app breaches use stolen credentials. The security model is shifting from edge control to identity control, and MSPs that keep funding firewalls instead of access governance are absorbing higher cost for less risk reduction.
NHIMG editorial — based on content published by JumpCloud: Why Traditional Network Security Models Inflate MSP Costs While Delivering Less Value
By the numbers:
- 22% of breaches started with stolen or compromised credentials.
- 60% of breaches involved human factors, credential misuse, errors, or social engineering.
- 88% of web app breaches used stolen credentials.
Questions worth separating out
A: Security teams should shift priority toward identity enforcement, application-level access, and least privilege.
Q: Why do stolen credentials make traditional network security less effective?
A: Because once an attacker has valid credentials, they often look like a normal user or workload to perimeter tools.
Q: What should MSPs prioritise first in an identity-first security shift?
A: MSPs should start with the access paths that create the most exposure and operational friction.
Practitioner guidance
- Rebalance spend toward identity controls: Review whether firewall, VPN, and segmentation budgets are crowding out IAM, PAM, and access governance work that better matches current breach patterns.
- Scope remote access to applications, not networks: Use application-level access boundaries so stolen credentials cannot automatically inherit broad network reach across hybrid environments.
- Measure support burden as a security metric: Track tickets, onboarding friction, and policy exceptions alongside control coverage so the programme reflects operational reality, not just architecture diagrams.
What's in the full article
JumpCloud's full article covers the operational detail this post intentionally leaves for the source:
- The cost breakdown behind firewall, VPN, and support overhead assumptions for a 500-seat environment
- The phased migration pattern from cloud apps to remote users and then to on-prem applications
- The article's own framing of Zero Trust economics for MSP business margins
- The practical positioning of ZTNA as a replacement for legacy perimeter workflows
Explore further
Perimeter security is no longer the primary control plane for modern breach prevention. Credential theft now drives a large share of initial access, which means the most relevant controls are entitlement quality, session assurance, and access scoping. The perimeter still has value for segmentation and containment, but it is no longer the place where most modern compromises begin. Practitioners should treat identity governance as the front line, not the backstop.
A few things that frame the scale:
- 35.6% of organisations cite managing consistent access across hybrid and multi-cloud environments as their top NHI security challenge, according to The 2024 Non-Human Identity Security Report.
- Only 19.6% of security professionals express strong confidence in their organisation's ability to securely manage non-human workload identities.
A question worth separating out:
Q: Who is accountable when perimeter-heavy security leaves credential abuse unchecked?
A: Accountability usually sits with the teams that own access architecture, identity governance, and operational security, not just the network stack. If credentials are the dominant attack path, then security leaders must treat identity control as a core programme responsibility. The governance question is whether the organisation has aligned ownership with where attacks now actually start.