What is the Cybersecurity Mesh and how can it help you?

Cybersecurity has become more complicated over the past two years for two main reasons: multi-cloud and remote working.

Most organizations today use multiple cloud providers across IaaS, SaaS, and PaaS models. Individual applications also often span multiple cloud service models from multiple vendors. Consider a service-based application that does the following:

  • uses AWS Lambda and Microsoft Azure Functions to serve content pages from containers in Google Cloud Run;
  • uses Fastly as a content delivery network;
  • integrates with Salesforce;
  • connects to a back-end trading partner API in Heroku; and
  • uses the identity services of Auth0.

It’s not an unrealistic scenario. Just consider the number of different service providers and models integrated into it. Believe it or not, this example is significantly less complex than many real working applications.

There is also the COVID-19 pandemic to contend with. As tech ecosystems have become more fragmented due to the growth of the cloud, COVID-19 has decentralized the workforce as employees dispersed across the country or, in some cases, around the world. This, in turn, has led to increased demand for distributed technologies and increased adoption of geography-agnostic services such as SaaS.

Securing anything under these conditions strains the security architectures of yesteryear. It’s time for a new approach. This is where the cybersecurity mesh comes into play, reducing the need for a specific computing environment.

What is a cybersecurity mesh?

Cybersecurity Mesh Architecture (CSMA) is an architectural approach rather than a specific technology or market segment. It is a concept similar to zero trust. However, while zero trust presumes that every device in an ecosystem is already compromised and potentially hostile, CSMA views environments as disparate, logically separate, and heterogeneous. That is a simplification, of course, but this view of the environment is intrinsic to the approach.

In “Top Security Technology Trends for 2022: Cybersecurity Mesh,” Gartner describes CSMA:

Cybersecurity mesh architecture is a composable and scalable approach to extending security controls, even to widely distributed assets. … CSMA enables security tools to integrate by providing a set of enabling services, such as a distributed identity framework, security analytics, intelligence, automation and triggers, and management and centralized policy orchestration.

To do this, the cybersecurity mesh has four distinct layers:

  1. security analysis and intelligence
  2. distributed identity fabric
  3. consolidated policy and posture management
  4. consolidated dashboards

Consider these layers through the lens of multi-cloud and work from anywhere. The mechanisms for achieving a security policy objective with cloud services can vary widely from vendor to vendor. Storing a secret in Microsoft Azure Key Vault, for example, is different from using AWS CloudHSM or Google Cloud Key Management. Each has its own API, administration and security model. But while each service is technically and implementationally different, in most use cases they achieve a similar strategic goal: managing secrets. This means that the same policy objective results in different implementations and configurations at different vendors.

Thus, consolidated policy and posture management that translates abstract policy goals into specific configurations on individual vendors can be extremely useful. For example, teams can define that all access to cryptographic keys is logged, conforms to a certain key length, etc. A posture management tool can help ensure that these policies are applied to the correct settings across the various providers used.
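The following sketch is an added example, not code from any vendor or posture management product. It shows the idea with the two policy goals named above (key access is logged, keys meet a minimum length): per-provider adapters normalize each inventory into one model, and a single policy is evaluated against it. The record field names, the sample inventory, and the 2048-bit threshold are assumptions made for illustration and are not the real API shapes of these services.

```python
from dataclasses import dataclass

# Abstract policy goals from the text: key access is logged, keys meet a minimum length.
POLICY = {"access_logging": True, "min_key_bits": 2048}

@dataclass(frozen=True)
class KeyPosture:
    provider: str
    key_id: str
    access_logged: bool
    key_bits: int

# Adapters map each provider's export into KeyPosture. The input field names
# are hypothetical stand-ins, not the real API shapes of these services.
def from_azure(r):
    return KeyPosture("azure-key-vault", r["name"], r["diagnostics"] == "enabled", r["size"])

def from_aws(r):
    return KeyPosture("aws-cloudhsm", r["label"], bool(r["audit_log_group"]), r["modulus_bits"])

def from_gcp(r):
    return KeyPosture("gcp-kms", r["resource"], r["data_access_audit"], r["bits"])

ADAPTERS = {"azure": from_azure, "aws": from_aws, "gcp": from_gcp}

def evaluate(inventory, policy=POLICY):
    """Return (provider, key_id, violation) tuples; unknown sources fail closed."""
    findings = []
    for source, records in inventory.items():
        adapter = ADAPTERS.get(source)
        if adapter is None:
            findings.append((source, "*", "no adapter: posture unknown"))
            continue
        for key in map(adapter, records):
            if policy["access_logging"] and not key.access_logged:
                findings.append((key.provider, key.key_id, "key access not logged"))
            if key.key_bits < policy["min_key_bits"]:
                findings.append((key.provider, key.key_id,
                                 f"key length {key.key_bits} < {policy['min_key_bits']}"))
    return findings

# Constructed sample inventory (not real exports).
INVENTORY = {
    "azure": [{"name": "payments-signing", "diagnostics": "enabled", "size": 4096}],
    "aws": [{"label": "partner-api", "audit_log_group": "", "modulus_bits": 2048}],
    "gcp": [{"resource": "legacy-tls", "data_access_audit": True, "bits": 1024}],
    "other-paas": [{"id": "unmapped"}],
}

if __name__ == "__main__":
    for finding in evaluate(INVENTORY):
        print(*finding, sep=" | ")
```

A source with no adapter is reported as a finding rather than skipped, so an environment the tool cannot read never counts as compliant.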

Likewise, if teams are serious about monitoring environments from a security perspective, i.e. metrics, measurements, reporting, and analysis, they need a way to collect and consolidate information. Then they need to link that with asset and threat information – through analytics and intelligence – and review holistic telemetry.

Finally, the identity must cover the environments. Would it be acceptable for users or clients to need to re-authenticate to an application if different elements of the application reside in different PaaS or IaaS environments? Of course not. By its nature, the fabric of identity must cover different environments.

Short-term effects of the cybersecurity mesh

Practically minded practitioners might wonder how all of this changes their daily lives. The answer is that it doesn’t, at least not directly or in the short term.

Currently, practitioners can go out and buy a number of products that help accomplish the foundational layers of CSMA, as described by Gartner. Likewise, organizations have aligned their multi-cloud and work-from-anywhere strategies to decouple policy from application, break down silos in their security stack, and scale to a wider, more porous and fragmented perimeter. For the latter, in some cases, they use architectures that completely avoid the concept of perimeter.

Long-term effects of the cybersecurity mesh

From a long-term perspective, the cybersecurity mesh discussed by Gartner is beneficial to practitioners for three reasons:

  1. Philosophical shifts sometimes drive the market, and the market, in turn, influences actual architectures.
  2. Industry acceptance facilitates the integration of the concept into architectural approaches.
  3. It contributes to interoperability.

To illustrate the first point, think about zero trust. Zero trust dates back to the mid-1990s, but has become more popular since being adopted by Google (BeyondCorp) in 2009 and Forrester Research in 2010. New companies and technology providers have formed around the concept, and it has driven innovation and new features into existing vendors’ product portfolios. This, in turn, has led to initiatives in end-user technology organizations.

Just as with zero trust, practitioners who understand why the CSMA model is compelling can look for products that help achieve it, can use management’s focus on the concept to advance their security agenda, and can otherwise be prepared to turn the situation to their advantage.

Acceptance of an overall high-level concept by the industry can change the way things are done. The growing acceptance of zero trust as a viable architectural model has changed the way practitioners assess and audit cloud-native enterprises. Likewise, accepting CSMA as a viable architectural strategy has the potential to simplify architectural discussions around multi-cloud, hybrid cloud, orchestration, and containerization security – for example, by getting organizations to recognize modern cloud interrelationships and plan for them accordingly. From there, it frees up budget for better monitoring and intelligence gathering, and it extends better to sometimes overlooked environments like private and hybrid cloud.

Recognizing that environmental differences play a role in securing the cloud will promote interoperability. The more abstract policies are tied to specific configurations and the more ways there are to sync, normalize, and visualize monitoring information from different vendors together, the more we help mitigate things like lock-in. Taken together, these are all absolutely positive results.
