Cybersecurity has become more complicated in recent years for two main reasons: multiple clouds and remote work.
Most organizations today use multiple cloud providers in IaaS, SaaS, and PaaS models. Individual applications also often span multiple cloud service models from multiple providers. Consider a service-based application that does the following:
- uses AWS Lambda and Microsoft Azure Functions to serve content pages from containers in Google Cloud Run;
- uses Fastly as a content delivery network;
- integrates with Salesforce;
- connects to a back-end trading partner API on Heroku; and
- uses Auth0 identity services.
It is not an unrealistic scenario. Just consider how many different service providers and models are integrated into that. Believe it or not, that example is significantly less complex than the way a number of actual apps work.
There is also the COVID-19 pandemic to deal with. While technology ecosystems have become more fragmented due to the growth of the cloud, COVID-19 has decentralized the workforce as employees are scattered across the country or, in some cases, the world. This, in turn, brought about an increased demand for distributed technology and increased adoption of geography-independent services, such as SaaS.
Securing anything under these conditions puts the security architectures of yesteryear to the test. It’s time for a new approach. This is where the cybersecurity mesh comes in, reducing the need for a dedicated computing environment.
What is cybersecurity mesh?
Cybersecurity mesh architecture (CSMA) is an architectural approach rather than a specific technology or market segment. It is a similar concept to zero trust. However, while zero trust assumes that all devices in an ecosystem are already compromised and potentially hostile, CSMA views environments as disparate, logically separate, and heterogeneous. That’s an oversimplification, of course, but that view is intrinsic to the approach and built in.
In “Top Security Tech Trends for 2022: Cybersecurity Mesh,” Gartner described CSMA:
Cybersecurity mesh architecture is a composable and scalable approach to extend security controls, even to widely distributed assets. … CSMA enables security tools to integrate by providing a set of enabling services, such as a distributed identity fabric, security analytics, intelligence, automation, and triggers, as well as centralized policy management and orchestration.
The cybersecurity mesh does this by having four distinct layers:
- security intelligence and analytics
- distributed identity fabric
- consolidated policy and posture management
- consolidated dashboards
View these layers through the lens of multiple clouds and work from anywhere. The mechanics of how a security policy objective is achieved with cloud services can vary greatly from provider to provider. Storing a secret in Microsoft Azure Key Vault, for example, is different from using AWS CloudHSM or Google Cloud Key Management. Each has its own API, administration, and security model. But while each service is technically and implementationally different, for most use cases, they accomplish a similar policy goal: secret management. This means that the same policy goal translates to different implementations and configurations on different vendors.
As such, consolidated policy and posture management that translates abstract policy goals into specific configurations at individual vendors can be tremendously useful. For example, teams can define that all cryptographic key accesses are logged, adhere to a certain key length, and so on. A posture management tool can help ensure that those policies are transferred to the correct configuration across the different vendors used.
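As an added illustration (not from the original article or from any vendor's tooling), the Python below states the two policy goals named above once and checks them against per-provider key records through small adapters. The record field names, the `partner_paas` environment, and the sample inventory are constructed assumptions, not real provider export schemas.

```python
from dataclasses import dataclass
# One abstract policy goal, stated once, independent of any vendor.
POLICY = {"min_key_bits": 2048, "access_logging_required": True}

@dataclass(frozen=True)
class KeyPosture:  # common model every provider record is normalized into
    provider: str
    key_id: str
    key_bits: int
    access_logged: bool

# Adapters: provider-shaped record (hypothetical field names) -> common model.
def from_azure(rec):
    return KeyPosture("azure_key_vault", rec["name"], rec["key_size"],
                      "audit" in rec.get("diagnostic_logs", []))

def from_aws(rec):
    return KeyPosture("aws_cloudhsm", rec["label"], rec["modulus_bits"],
                      rec.get("audit_log_delivery") == "on")

def from_gcp(rec):
    return KeyPosture("gcp_kms", rec["resource"], rec["bits"],
                      bool(rec.get("data_access_logs")))

ADAPTERS = {"azure_key_vault": from_azure, "aws_cloudhsm": from_aws, "gcp_kms": from_gcp}

def evaluate(inventory, policy=POLICY):
    """Return (provider, key_id, reason) for every policy violation."""
    findings = []
    for provider, records in inventory.items():
        adapter = ADAPTERS.get(provider)
        if adapter is None:  # environment with no translation: report, don't assume
            findings.append((provider, "*", "no adapter; posture unknown"))
            continue
        for key in map(adapter, records):
            if key.key_bits < policy["min_key_bits"]:
                findings.append((provider, key.key_id, f"key length {key.key_bits} < {policy['min_key_bits']}"))
            if policy["access_logging_required"] and not key.access_logged:
                findings.append((provider, key.key_id, "key access not logged"))
    return findings

SAMPLE = {  # constructed sample inventory, for illustration only
    "azure_key_vault": [{"name": "kv-signing", "key_size": 3072, "diagnostic_logs": ["audit"]}],
    "aws_cloudhsm": [{"label": "payments-key", "modulus_bits": 2048, "audit_log_delivery": "off"}],
    "gcp_kms": [{"resource": "orders-key", "bits": 1024, "data_access_logs": True}],
    "partner_paas": [{"id": "partner-key"}],
}
if __name__ == "__main__":
    print(*evaluate(SAMPLE), sep="\n")
```

An environment without an adapter is reported as a finding rather than skipped, so a newly added provider shows up as unknown posture instead of silently passing.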
Likewise, if teams are serious about monitoring environments from a security perspective—meaning metrics, measurement, reporting, and analysis—they need a way to collect and consolidate information. Then they need to marry that with information about assets and threats, through analytics and intelligence, and review holistic telemetry.
Lastly, identity must encompass environments. Would it be acceptable if users or clients had to re-authenticate to an application if different elements of the application live in different PaaS or IaaS environments? Of course not. By its nature, the identity fabric needs to encompass different environments.
Short-term effects of the cybersecurity mesh
Practically minded professionals might wonder how all this changes their everyday lives. The answer is that it doesn’t, at least not directly or in the short term.
Right now, professionals can go out and buy any number of products that help achieve the foundational layers of CSMA, as described by Gartner. Similarly, organizations have been aligning their multi-cloud and work-from-anywhere strategies to decouple policy from application, eliminate silos in their security stack, and accommodate an increasingly porous and fragmented perimeter. For the latter, in some cases, they use architectures that completely avoid the concept of perimeter.
Long-term effects of the cybersecurity mesh
From a long-term perspective, the cybersecurity mesh reviewed by Gartner is beneficial to professionals for three reasons:
- Philosophical changes sometimes drive the market, and the market, in turn, influences real-life architectures.
- Industry acceptance makes it easy to incorporate the concept into architectural approaches.
- It helps drive interoperability.
To illustrate the first point, think about zero trust. Zero trust dates back to the mid-1990s, but has become more popular since Google (with BeyondCorp) in 2009 and Forrester Research in 2010 adopted it. New companies and technology vendors have formed around the concept, and it has driven innovation and new features within existing vendors’ product portfolios. This, in turn, has fueled initiatives in end-user technology organizations.
As with zero trust, those professionals who understand why the CSMA model is compelling can look to products that help achieve it, can use executive attention on the concept to help advance their security program, and can otherwise be prepared to turn the situation in their favor.
The acceptance of a general high-level concept by the industry can change the way things are done. The increased acceptance of zero trust as a viable architectural model has changed the way professionals assess and audit cloud-native enterprises. Similarly, the acceptance of CSMA as a viable architectural strategy can potentially simplify architectural discussions around multi-cloud security, hybrid clouds, orchestration, and containerization, for example, by making organizations recognize how complex the interrelationships of the modern cloud are so that they can plan accordingly. From there, it helps budget for better monitoring and intelligence gathering, and to better link environments that are sometimes overlooked, such as private and hybrid cloud.
Recognizing that environmental differences play a role in cloud security will drive interoperability. The more abstract policies are tied to specific configurations, and the more ways there are to sync, normalize, and view monitoring information from different vendors together, the more we help alleviate things like lock-in. Taken together, these are all absolutely positive results.