What is Cybersecurity Mesh? Principles & Architecture
Computer networks have evolved over time. While organizations used to maintain servers, standalone systems, and physical equipment supporting the computing environment, this trend has changed with the introduction of cloud computing. Organizations now prefer focusing on business and innovation while physical maintenance is supported by cloud vendors such as Azure, AWS, GCP, and others.
Conventionally, cybersecurity was focused on securing the organization’s network using firewalls, intrusion detection systems, and other boundary defenses. However, with the evolution of cloud computing and the Internet of Things (IoT), these perimeter defenses are no longer sufficient.
New frameworks such as Zero Trust are being introduced to secure systems with controls that follow the “Never Trust, Always Verify” principle. Other frameworks and cyber strategies are being introduced to secure cloud networks in this evolving digital world.
Cybersecurity Mesh is a cyber defense strategy that breaks the traditional security approach. While many security practices use a single perimeter to secure all the devices within it using defenses such as firewalls and IDS, Cybersecurity Mesh creates a smaller individual perimeter around each device. Gartner predicts that by 2024, organizations adopting a cybersecurity mesh architecture will reduce the financial impact of individual security incidents by an average of 90%.
Security controls are dispersed across different system components and incorporated into the network fabric in a cybersecurity mesh. With each component being able to have its own security policies and controls depending on its unique requirements and risk profile, this enables more granular and context-aware security.
Cybersecurity Mesh Principles
A Zero Trust Architecture approach verifies and authenticates, regardless of the network location or user/device identity.
A Decentralized approach ensures security controls are distributed across the network as opposed to being centralized at one location. This makes it possible for a more robust and flexible security posture.
An Interoperability aspect encourages communication and cooperation among various security platforms and solutions, enabling the sharing and integration of security data with ease.
Cyber Security Mesh Architecture (CSMA)
With fewer resources and a collaborative approach, CSMA offers distributed security services as a force multiplier for a stronger security posture.
CSMA has four foundational layers to configure and manage distinct security services.
- Security analytics and intelligence: Collecting and analysing security data from security tools with the help of a Security Information and Event Management (SIEM) tool will provide real-time threat notifications.
- Distributed identity fabric: Decentralized directory services, which are essential to a zero-trust paradigm, are prepared and provided to the security system. These include user entitlement management, adaptive access, identity proofing, and decentralized systems.
- Consolidated policy and posture management: Configuring individual security tools by translating a central policy into the native configuration constructs to ensure consistent and standardized security policies among the security systems.
- Consolidated dashboards: Integrating multiple dashboards for an effective single-pane dashboard to view and manage the entire security posture of an organization.
Implementing Cybersecurity Mesh
- Creating an integrated framework where security solutions can work together in synergy to achieve interoperability.
- Choosing security solutions that have an open policy framework to ensure compatibility with the overall framework than independent devices.
- Choosing zero trust network access integrated with an access management tool over traditional VPN services for reliability and security.
- Proper Audit process and procedure that follows the Zero Trust framework so that only authorized users have access to assets.
- Choosing vendors who are responsive and flexible to incorporate custom changes to secure the environment quickly.
Summary
Cybersecurity Mesh is a new cyber defense strategy that protects organizational networks by creating a smaller individual perimeter around each device rather than conventional single perimeter security for a whole network. Cyber Security Mesh Architecture (CSMA) has four layers to configure and manage distinct security services: Security analytics and intelligence, Distributed identity fabric, Consolidated policy and posture management, and Consolidated dashboards. Gartner predicts that by 2024, organizations adopting a cybersecurity mesh architecture will reduce the financial impact of individual security incidents by an average of 90%.
