It looks like there is only an active state for sandboxes - no suspended/offline state - and that otherwise you can only open or delete the sandbox from the Admin Center.

We use premium sandbox for dev testing and UAT with potentially sensitive data in tickets. When testing is complete - particularly UAT where we have a bunch of testers in addition to developers - it would be expedient to suspend the entire sandbox.

While the option to delete is one way to secure the environment and the data in it, this severs the work that the devs perform - especially if the changes haven't been pushed to production yet. For instance, in a scenario where a UAT segment completes, then there are 2 or 3 sprints outside Zendesk, and then another sprint where they need to return to testing with Zendesk, the available options are to (1) delete then recreate the sandbox or (2) leave it up and pray.

You could maybe suspend all user access individually, use allow/block list, restrict all IP addresses, or take some other hacky steps, but it would be more cohesive and direct to be able to suspend the sandbox from the parent account itself. This would allow the admin to protect potentially sensitive test data in sandbox quickly and completely without too much effort to lock it down.