IT’s answer to cloud security

The term “cybersecurity mesh” has been around for a few years, but it’s making the rounds again after Gartner named it the second-highest strategic trend of 2022. To be fair, it’s a good term, as it adequately expands on the zero-trust paradigm. Since zero trust has been around for almost two decades, most are familiar with the zero trust network (ZTN) model. The idea is that all network access requests should be considered untrustworthy until proven otherwise.

In a zero-trust environment, all subjects are continuously screened; all traffic is encrypted; and user health, device health, and session context are all reviewed before access to the network is granted. The principle of least privilege is applied, meaning that users can access the least amount of network data for the shortest possible time needed to complete a given task. Finally, multifactor authentication (MFA) and user and entity behavior analysis (UEBA) are used to protect the network.

The general consensus is that zero-trust security architecture is the way to go, so why do we need this new term, cybersecurity mesh architecture (CSMA)? What was the motivation behind CSMA? In short, the global pandemic. The pandemic caused a paradigm shift, with organizations rushing to facilitate remote working and cloud migration. IT staff faced the challenge of managing a large number of new assets, most of which fell well outside the traditional security perimeter. All this led to the popularization of CSMA.

What is CSMA?
According to Gartner, CSMA is “a flexible, configurable architecture that integrates widespread and disparate security services.” Although described as an architecture, CSMA is arguably more of a strategy; it’s an initiative that brings organizations’ security tools closer to the assets they protect.

CSMA is an extension of zero trust and creates unique perimeters around every person, machine and entity. As with a regular ZTN model, the identity and context of users and devices are taken into account; for example, a person’s identity, time and location may be reviewed before access is granted. With CSMA, however, it goes one step further. There are now as many perimeters as access points. You can think of this as a form of micro-segmentation, where every single device and gateway is surrounded by a security perimeter.

Mesh architecture brings control gates closer to the assets they need to protect; however, control ultimately still resides at a central point: a centralized authority manages all security perimeters.
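The per-asset perimeters and the central authority described above can be sketched as one policy store that every access point consults. This is an added example, not code from the article or from Gartner; the asset names, users, policy fields and the `decide` function are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Perimeter:                 # one perimeter per protected asset
    allowed_users: frozenset
    allowed_countries: frozenset
    hours_utc: range             # hours of the day when access is permitted
    max_session: timedelta       # least privilege: shortest useful grant

@dataclass(frozen=True)
class Request:
    user: str
    asset: str
    country: str
    device_healthy: bool
    mfa_passed: bool
    when: datetime

# Central authority: a single policy store (constructed sample data).
POLICIES = {
    "payroll-db": Perimeter(frozenset({"alice"}), frozenset({"DE"}),
                            range(7, 19), timedelta(minutes=15)),
    "wiki": Perimeter(frozenset({"alice", "bob"}), frozenset({"DE", "US"}),
                      range(0, 24), timedelta(hours=8)),
}

def decide(req, policies=POLICIES):
    """Return (allowed, reason, expiry). Anything not explicitly allowed is denied."""
    p = policies.get(req.asset)
    if p is None:
        return (False, "no perimeter defined", None)
    checks = [
        (req.mfa_passed, "mfa not satisfied"),
        (req.device_healthy, "device unhealthy"),
        (req.user in p.allowed_users, "user not entitled"),
        (req.country in p.allowed_countries, "location not allowed"),
        (req.when.hour in p.hours_utc, "outside permitted hours"),
    ]
    for ok, reason in checks:
        if not ok:
            return (False, reason, None)
    # The grant is time-boxed, so the request must be re-evaluated after expiry.
    return (True, "ok", req.when + p.max_session)

if __name__ == "__main__":
    t = datetime(2022, 3, 1, 9, 0, tzinfo=timezone.utc)
    for asset in ("payroll-db", "wiki"):
        print(asset, decide(Request("bob", asset, "US", True, True, t)))
```

The same user on the same device gets a different answer at each asset, which is the practical meaning of having as many perimeters as access points.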

Another way to think about CSMA is as an end-to-end ZTN whose security tools are no longer siloed. With CSMA, organizations are encouraged to implement security solutions that work together seamlessly rather than in isolation. According to Gartner, CSMA provides this collaborative cybersecurity architecture through four different layers.

Supporting layers of CSMA
According to Gartner, the supporting layers are security analytics and intelligence; distributed identity fabric; consolidated policy and posture management; and consolidated dashboards. Let’s briefly discuss them one by one.

Security analytics and intelligence describes a layer made up of several security tools, all of which communicate with each other. Coupled with the individual security perimeter around each user and device, UEBA tools work to detect behavioral anomalies, mitigate insider attacks, and collect contextual data for further investigation.

Distributed identity fabric denotes a layer made up of data and connected processes. Within this layer, analytics tools continuously assess data points from different applications; these tools not only actively advise where data should be used and modified, but they also help distinguish between real, authorized users and malicious attackers.

Consolidated policy and posture management is the layer that allows IT staff to define application access policies for users and devices – all from a central location.

These layers, which can be thought of as the ‘data security network’, are all located below the network layer; in other words, they work together to control where data is used, stored, and shared by each user and device on the network. With a properly functioning CSMA, secure, authorized access to data can be guaranteed from any access point.

New AI regulation is coming
Since it is an information-centric security model, CSMA will be crucial in the coming era of strict data regulation. The EU’s GDPR has been in effect for two years and artificial intelligence regulations are on the way. While the timetable is unclear, the EU’s upcoming AI law is expected to be finalized and implemented in 2023.

Given the high penalties for data breaches, protecting user data is vital. With CSMA, IT staff gain not only scalability, but also greater visibility and access control over data.

By creating individual security perimeters around each access point, CSMA ensures that only authorized persons and devices can access corporate data and applications. CSMA is an extension of zero trust, providing a flexible, scalable, responsive approach to security, while enabling IT staff to manage each access point from a centralized point of authority.

According to Gartner’s predictions, “By 2024, organizations adopting a CSMA will reduce the financial impact of security incidents by an average of 90%.” When applied correctly, this architecture will reduce breaches, minimize attacks and save organizations a lot of money.
