Cybersecurity trends: Cybersec Mesh Architecture

Luis Alfonso Rodríguez de Trío
4 min read · Jun 23, 2022

Hackers don’t think in silos; hackers look at your organization as a target domain. Therefore, your security standards must embrace the “everything, everywhere” approach, enabling the dozens of security tools your organization depends on to work as a cooperative, interoperable and scalable ecosystem. Otherwise, your organization will be burdened with an unwieldy effort to manage and control its portfolio of security solutions.

That kind of architecture is CSMA (Cybersecurity Mesh Architecture), identified by Gartner as a “Top Strategic Technology Trend for 2022”. Gartner defines CSMA as a “common, broad and unified approach … [that] extend[s] security beyond enterprise perimeters.” In Gartner’s view, CSMA focuses on composability, scalability, and interoperability to create a collaborative ecosystem of security tools. Gartner also makes an interesting prediction: “organizations adopting a cybersecurity mesh architecture to integrate security tools to work as a cooperative ecosystem will reduce the financial impact of individual security incidents by an average of 90% by 2024.” If Gartner is right, there is a good incentive to move towards CSMA.

Architectural Components of CSMA

Following the enclosed graphic, we see an overarching title, “Composable Security and Identity Services”, because current approaches to identity and security architectures seem somewhat insufficient to meet today’s changing demands. In order to allow stand-alone solutions to work cooperatively and create synergies, a standardized interconnection system has to be in place, whether on-premises, in the cloud or in a hybrid environment. So, it is a prerequisite.

The four layers are:

  • Consolidated dashboards: these offer a composite view into the security ecosystem, enhancing visibility to foster a faster and more effective response to security events. So, you need to implement API integration between your existing tools. For new acquisitions, you will need to be very aware of the different vendor offerings in terms of interoperability with your current cybersecurity controls. Since the organization’s security policy is an asset you own, you should be able to manage it as you need to. In that sense, reaching a decoupled policy environment needs tools that have an open policy framework, allowing policy decisions to be made outside the tool. This takes us to the second layer…
  • Consolidated policy and posture management: translating a central policy into the different configurations of individual security tools or, going the extra mile, providing dynamic runtime authorization services. The idea here is to be able to inject at runtime the roles allowed for a user, which may not be known in advance or may depend on context rules, as in PBAC (policy-based access control); more traditional authorization methodologies, including attribute-based/role-based access control (ABAC/RBAC), can also be implemented. As we want our policies to be managed externally, outside the protected application, Gartner calls this approach EAM: “Externalized authorization management (EAM) provides runtime controls — including policy management, policy enforcement, and decision modeling — for fine-grained authorization to infrastructure, applications, services, transactions and data. EAM is also sometimes referred to as ‘dynamic authorization’.”
  • Security analytics and intelligence: combines data and lessons from other security tools, provides analysis of threats, and triggers appropriate responses. To do this efficiently, we cannot rely on a non-integrated portfolio where each tool produces its own alerts, which makes it extremely challenging to identify patterns in alert activity. We will need to choose interoperable (for synergy), extensible (to include future tools) and event-triggered security analytics and intelligence technology, able to integrate and correlate additional data and to leverage threat and response insight.
  • Distributed identity fabric: these tools actively recommend where and when data could be used and modified, while helping to differentiate between legitimate users, insider threats and malicious intruders. Zero Trust should be incorporated by design inside CSMA, so that all assets can be accessed securely no matter their location or how widely distributed they happen to be. The benefit of CSMA is that it helps to ease the transition to Zero Trust through adaptive and scalable services, tools, and processes. More important is the leverage of standards and policies enforced through APIs or dashboards, bringing an enhanced governance mindset to Zero Trust implementations.
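As an added illustration of the externalized authorization (EAM/PBAC) flow described under the second layer, and not code from the article or from any vendor: the application acts only as a policy enforcement point and delegates every decision to a separate policy decision point that evaluates rules held outside the application, with roles injected at runtime from token claims and context conditions (device posture, network, MFA state) applied independently of role. All names, rules and claim values are assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable

@dataclass(frozen=True)
class AccessRequest:
    subject: str
    action: str
    resource: str
    roles: frozenset            # injected at runtime from the identity provider's token
    context: dict = field(default_factory=dict)  # device posture, network, MFA state

# Policies live outside the application and are evaluated only by the PDP,
# so they can change without redeploying the protected application.
# Each rule is (effect, predicate); deny rules override permit rules.
Rule = tuple[str, Callable[[AccessRequest], bool]]
POLICY: list[Rule] = [
    ("permit", lambda r: r.action == "read" and r.resource.startswith("reports/")
                         and "analyst" in r.roles),
    ("permit", lambda r: r.action == "write" and r.resource.startswith("reports/")
                         and "editor" in r.roles and r.context.get("mfa") is True),
    # PBAC context rules: posture and network conditions, independent of role
    ("deny", lambda r: r.context.get("device_compliant") is False),
    ("deny", lambda r: r.context.get("network") == "public" and r.action == "write"),
]

def decide(req: AccessRequest) -> str:
    """Policy decision point (PDP): deny-overrides combining, default deny."""
    effects = {effect for effect, pred in POLICY if pred(req)}
    if "deny" in effects:
        return "deny"
    return "permit" if "permit" in effects else "deny"

def request_from_claims(claims: dict, action: str, resource: str, context: dict) -> AccessRequest:
    """Build a request from token claims; the app does not know the roles in advance."""
    return AccessRequest(claims["sub"], action, resource,
                         frozenset(claims.get("roles", [])), context)

def enforce(claims: dict, action: str, resource: str, context: dict) -> str:
    """Policy enforcement point (PEP) inside the application: ask the PDP, then act."""
    req = request_from_claims(claims, action, resource, context)
    if decide(req) != "permit":
        raise PermissionError(f"{req.subject} may not {action} {resource}")
    return f"{action} on {resource} performed for {req.subject}"

# Constructed sample data: a claim set as an IdP might issue it, plus runtime context
ALICE = {"sub": "alice", "roles": ["analyst", "editor"]}
HEALTHY = {"device_compliant": True, "network": "corporate", "mfa": True}
```

Swapping the `POLICY` list for one fetched from a central policy service is the step that turns this into the decoupled, externally managed policy environment the layer describes.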

Transitioning towards a CSMA Architecture

Realign your vision: CSMA will probably need a reassessment of your organization’s security and identity vision.

Track your KPIs: before implementation you will probably need to determine new KPIs in order to know the actual state of your integration capabilities and to develop clear goals and objectives for the composability and interoperability of your tool portfolio. After implementation, as with any other program, you will have to check that the components of your CSMA genuinely work well together and deliver the desired results.

Enable your “everything, everywhere” operations: cloud-based, location-independent cybersecurity controls are best suited to do this. Since the traditional perimeter is no longer your system’s boundary, organizations must implement a secure network access solution for users to reach the resources they need. In this regard, and taking into account that we are moving to a Zero Trust environment, the transition from VPNs to a scalable, secure and flexible cloud-based ZTNA is needed for access to the organization’s private applications. SaaS access control, on the other hand, will be best served with a gateway approach, so a NextGen Secure Web Gateway might be the way to go.

Generalize your best solutions for policy deployment and enforcement: to create integrated security across the entirety of your access path, extend your AI/ML-based policies from the identity layer to the rest of your infrastructure.

While CSMA is currently a work in progress, it holds great promise for the mitigation of overall security risk, the reduction of operational overhead, and the facilitation of good risk decision making. Vendors will need to adopt open, standards-based approaches to interoperability to empower this transition.

Luis Alfonso Rodríguez de Trío

Internal Audit Tech & Cybersec / Senior Cybersecurity Leadership / IT Director. MBA, CCISO, CISM, CEH, CHFI, ECIH, Security +, ECI.