Cybersecurity Mesh: IT's Answer to Cloud Security

The term "cybersecurity mesh" has been around for a couple of years now, but it's making the rounds again after Gartner declared it the second-highest strategic trend of 2022. To be fair, it is a good term, as it adequately expands upon the zero-trust paradigm. Given that zero trust has been around for nearly two decades, most are familiar with the zero-trust network (ZTN) model. It is the idea that all network access requests should be considered unreliable until proven otherwise.

In a zero-trust environment, all subjects are continuously vetted; all traffic is encrypted; and user health, device health, and session context are all assessed before access is granted to the network. The principle of least privilege is employed, meaning that users are granted access to the least amount of network data for the shortest amount of time necessary to complete a given task. Lastly, multifactor authentication (MFA) and user and entity behavior analytics (UEBA) are employed to protect the network.

The general consensus is that zero-trust security architecture is the way to go, so why do we need this new term, cybersecurity mesh architecture (CSMA)? What was the impetus behind CSMA? In short, the global pandemic. The pandemic created a paradigm shift, whereby organizations rushed to facilitate remote work and cloud migration. IT personnel were faced with the challenge of managing a host of new assets, most of which were well outside of the traditional security perimeter. This all led to the popularization of CSMA.

What Is CSMA?
According to Gartner, CSMA is "a flexible, composable architecture that integrates widely distributed and disparate security services." Although described as an architecture, CSMA is arguably more of a strategy; it's an initiative that brings organizations' security tools closer to the assets that they protect.

An extension of zero trust, CSMA creates unique perimeters around every person, machine, and entity. Much like a regular ZTN model, the identity and context of users and devices are considered; for example, the identity of a person, time of day, and location could be assessed before access is granted. However, with CSMA, things are taken a step further. There are now as many perimeters as there are access points. One can think of this as a form of microsegmentation, whereby every single device and access port is surrounded by a security perimeter.

Mesh architecture moves control ports closer to the assets they need to protect; however, control ultimately still resides in a centralized point. A centralized authority manages all the security perimeters.

Another way to think about CSMA is as an end-to-end ZTN with security tools that are no longer siloed. With CSMA, organizations are encouraged to deploy security solutions that work seamlessly together, rather than security tools working in silos. According to Gartner, CSMA provides this collaborative cybersecurity structure via four different layers.

CSMA's Supportive Layers
Per Gartner, the supportive layers are security analytics and intelligence; distributed identity fabric; consolidated policy and posture management; and consolidated dashboards. Let's briefly discuss each in turn.

Security analytics and intelligence describes a layer comprised of various security tools, all of which communicate with each other. In conjunction with the individual security perimeter around every user and device, UEBA tools work to detect behavioral anomalies, reduce insider attacks, and gain contextual data for further investigation.

Distributed identity fabric denotes a layer comprised of data and connected processes. Within this layer, analytics tools continuously assess data points from disparate applications; these tools not only actively recommend where data should be used and modified, but they also help to differentiate between genuine, approved users and malicious attackers.

Consolidated policy and posture management is the layer through which IT personnel can define application access policies for users and devices — all from a central location.

These layers, which can be thought of as the "data security mesh," all exist beneath the network layer; put differently, they work together to monitor where data is used, stored, and shared by every user and device in the network. With a properly functioning CSMA, one can guarantee safe, authorized access to data from any access point.

New AI Regulation Coming
Given that it is an information-centric security model, the CSMA will be crucial in the forthcoming age of stringent data regulation. The EU's GDPR has been in effect for two years, and artificial intelligence regulation is coming. Although the timetable is unclear, the EU's forthcoming AI Act is projected to be finalized and implemented in 2023.

Given the steep penalties for data breaches, protection of user data is vital. With CSMA, IT personnel not only gain scalability but also greater visibility and access control over data.

By creating individual security perimeters around every single access point, CSMA ensures that only authorized people and devices access corporate data and applications. An extension of zero trust, CSMA offers a flexible, scalable, responsive approach to security, while allowing IT personnel to manage every access point from a centralized point of authority.

According to Gartner's predictions, "By 2024, organizations adopting a CSMA will reduce the financial impact of security incidents by an average of 90%." Employed correctly, this architecture will reduce breaches, minimize attacks, and save organizations a great deal of money.