The term “cybersecurity mesh” has been around for a couple of years, but it’s making the rounds again after Gartner declared it the second highest strategic trend of 2022. To be fair, it’s a good term, as it aptly expands on the zero-trust paradigm. Since zero trust has been around for almost two decades, most are familiar with the zero trust network (ZTN) model. It is the idea that all requests for network access should be considered unreliable until proven otherwise.
In a zero-trust environment, all subjects are continuously examined; all traffic is encrypted; and user state, device state, and session context are evaluated before network access is granted. The principle of least privilege applies, which means that users have access to the least amount of data on the network for the shortest amount of time necessary to complete a given task. Finally, multi-factor authentication (MFA) and user and entity behavior analysis (UEBA) are used to protect the network.
The general consensus is that zero-trust security architecture is the way to go, so why do we need this new term, Cybersecurity Mesh Architecture (CSMA)? What was the impetus behind CSMA? In short, the global pandemic. The pandemic created a paradigm shift in which organizations rushed to facilitate remote work and migration to the cloud. IT staff were challenged with managing a large number of new assets, most of which were outside the traditional security perimeter. All this led to the popularization of CSMA.
What is CSMA?
According to Gartner, CSMA is “a flexible and composable architecture that integrates disparate and widely distributed security services.” Although described as an architecture, CSMA is arguably more of a strategy; it is an initiative that brings organizations’ security tools closer to the assets they protect.
An extension of zero trust, CSMA creates unique perimeters around every person, machine, and entity. As in a regular ZTN model, the identity and context of users and devices are considered; for example, a person’s identity, time of day, and location could be evaluated before access is granted. However, with CSMA, things go one step further. Now there are as many perimeters as there are access points. You can think of this as a form of micro-segmentation, where each device and access point is surrounded by a security perimeter.
Mesh architecture brings control points closer to the assets they need to protect; however, control ultimately still resides at a centralized point. A centralized authority manages all security perimeters.
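The split described above, with a perimeter evaluated beside each asset and policy managed by one central authority, can be sketched as follows. This is an added example, not Gartner's or any product's code; every class, field, asset and user name is hypothetical, and the checks mirror the context named in the text (identity, MFA, device state, location, time of day).

```python
# Added illustration; all class, asset and user names are hypothetical.
from dataclasses import dataclass
from datetime import datetime, time, timedelta

@dataclass(frozen=True)
class Context:                     # what is evaluated on every request
    user: str
    mfa_passed: bool
    device_compliant: bool
    country: str
    when: datetime

@dataclass(frozen=True)
class Policy:                      # one perimeter definition per asset
    users: frozenset
    countries: frozenset
    start: time
    end: time
    grant_minutes: int             # least privilege: short-lived access

class CentralAuthority:
    """Single point where every perimeter's policy is managed."""
    def __init__(self):
        self._policies = {}
    def set_policy(self, asset, policy):
        self._policies[asset] = policy
    def policy_for(self, asset):
        return self._policies.get(asset)

class EnforcementPoint:
    """Sits beside one asset; decides each request using central policy."""
    def __init__(self, asset, authority):
        self.asset, self.authority = asset, authority
    def decide(self, ctx):
        p = self.authority.policy_for(self.asset)
        if p is None:              # asset without a policy: default deny
            return (False, "no policy", None)
        checks = [
            (ctx.user in p.users, "user not authorized"),
            (ctx.mfa_passed, "MFA not satisfied"),
            (ctx.device_compliant, "device not compliant"),
            (ctx.country in p.countries, "location not allowed"),
            (p.start <= ctx.when.time() <= p.end, "outside allowed hours"),
        ]
        for ok, reason in checks:
            if not ok:
                return (False, reason, None)
        expires = ctx.when + timedelta(minutes=p.grant_minutes)
        return (True, "allowed", expires)
```

Each decision returns the deny reason, which is what the analytics layer would consume, and an expiry time so that a grant has to be re-evaluated rather than persisting.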
Another way to think of CSMA is as an end-to-end ZTN with security tools that are no longer siloed. With CSMA, organizations are encouraged to implement security solutions that work seamlessly together, rather than security tools that work in silos. According to Gartner, CSMA provides this collaborative cybersecurity framework through four different layers.
CSMA Support Layers
According to Gartner, the supporting layers are security intelligence and analytics; distributed identity fabric; consolidated policy and posture management; and consolidated dashboards. Let us briefly discuss each in turn.
Security intelligence and analytics describe a layer made up of various security tools, all of which communicate with each other. Along with the individual security perimeter around each user and device, UEBA tools work to detect behavioral anomalies, reduce insider attacks, and gain contextual data for further investigation.
Distributed identity fabric denotes a layer made up of connected data and processes. Within this layer, analytics tools continually evaluate data points from disparate applications; these tools not only actively recommend where data should be used and modified, but also help differentiate between genuine, approved users and malicious attackers.
Consolidated policy and posture management is the layer through which IT staff can define application access policies for users and devices, all from a central location.
These layers, which can be thought of as the “data security mesh,” exist below the network layer; put another way, they work together to monitor where data is used, stored, and shared by every user and device on the network. With a properly functioning CSMA, secure and authorized access to data from any access point can be guaranteed.
New AI regulation coming soon
Because it is an information-centric security model, CSMA will be crucial in the coming era of strict data regulation. The EU GDPR has been in force for two years, and the regulation of artificial intelligence is coming. Although the timetable is not clear, the upcoming EU AI Act is expected to be completed and implemented in 2023.
Given the heavy penalties for data breaches, protecting user data is vital. With CSMA, IT staff not only gain scalability, but also greater visibility and control of data access.
By creating individual security perimeters around each access point, CSMA ensures that only authorized people and devices access corporate data and applications. An extension of zero trust, CSMA offers a flexible, scalable, and responsive security approach while allowing IT staff to manage each access point from a centralized point of authority.
According to Gartner’s predictions, “By 2024, organizations that adopt a CSMA will reduce the financial impact of security incidents by an average of 90%.” Employed correctly, this architecture will reduce breaches, minimize attacks, and save organizations a great deal of money.