Published 27. May. 2022
Cybersecurity Mesh: Benefits and Challenges
Cybersecurity mesh is emerging as a new path to building a more dynamic security environment.
The idea of a cybersecurity mesh as the way forward in this evolving digital landscape isn’t new. In fact, several security providers have offered comprehensive, consolidated security solutions based on the cybersecurity mesh approach over the last few years, including the Fortinet Security Fabric, Checkpoint Security Infinity, and Arhamsoft.
However, the concept gained traction when Gartner tagged it as a top strategic technology trend in 2022. The firm noted that the rapid evolution and sophistication of cyberattacks in tandem with organizations migrating to hybrid multicloud systems creates a “perfect storm” of security risk that needs to be addressed.
As described by the firm, a Cybersecurity Mesh Architecture (CSMA) is a “composable and scalable approach to extending security controls, even to widely distributed assets”. This approach is said to be well suited to modular networks that are consistent with hybrid multi-cloud architectures.
Instead of each security tool running in a silo, CSMA enables these tools to interoperate via several supportive layers. CSMA differs from the traditional “walled perimeter” approach to security by creating smaller, individual perimeters around each access point, each of which runs on a zero trust philosophy.
Gartner predicts that CSMA can reduce the cost of security incidents by about 90% in the next two years. This is especially important given the rising cost of data breaches from $3.86 million in 2020 to $4.24 million in 2021.
Cybersecurity Mesh Architecture: Overview
In essence, each tool in the IT infrastructure within the CSMA operates as a cog in a greater machine. The framework proposed by Gartner is based on four layers:
- Security analysis and intelligence: which analyses past cybersecurity attacks, as well as data and lessons from other tools, to inform future trigger responses and actions
- Distributed identity fabric: a decentralization of identity management, identity proofing and entitlement management, creating an environment of adaptive access
- Consolidated policy and posture management: the ability to translate central policy into native configuration of each individual security tool
- Consolidated dashboards: offering a holistic view of the entire security ecosystem
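To make the consolidated policy and posture management layer concrete, here is an added example (not from Gartner or any vendor named on this page) that compiles one central rule set into two native formats: an `iptables` command line and an AWS security-group ingress entry. The `Rule` fields, function names, and sample policy are constructed for illustration. The point to notice is that a tool which cannot express a rule must be reported, not silently skipped.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    action: str    # "allow" or "deny"
    protocol: str  # "tcp" or "udp"
    port: int
    source: str    # IPv4 CIDR, e.g. "10.0.0.0/8"

    def validate(self):
        if self.action not in ("allow", "deny"):
            raise ValueError(f"{self.name}: bad action {self.action!r}")
        if self.protocol not in ("tcp", "udp"):
            raise ValueError(f"{self.name}: bad protocol {self.protocol!r}")
        if not 1 <= self.port <= 65535:
            raise ValueError(f"{self.name}: bad port {self.port}")
        # Strict parsing rejects CIDRs with host bits set (10.0.0.1/8).
        ipaddress.IPv4Network(self.source)

def to_iptables(rule):
    rule.validate()
    target = "ACCEPT" if rule.action == "allow" else "DROP"
    return (f"iptables -A INPUT -p {rule.protocol} -s {rule.source} "
            f"--dport {rule.port} -j {target}")

def to_aws_sg_ingress(rule):
    rule.validate()
    if rule.action != "allow":
        # Security groups only hold allow rules; a deny cannot be expressed.
        raise NotImplementedError("security groups are allow-only")
    return {"IpProtocol": rule.protocol,
            "FromPort": rule.port, "ToPort": rule.port,
            "IpRanges": [{"CidrIp": rule.source, "Description": rule.name}]}

def compile_policy(rules):
    out = {"iptables": [], "aws_sg": [], "unsupported": []}
    for r in rules:
        out["iptables"].append(to_iptables(r))
        try:
            out["aws_sg"].append(to_aws_sg_ingress(r))
        except NotImplementedError as exc:
            out["unsupported"].append((r.name, "aws_sg", str(exc)))
    return out

# Constructed sample policy.
POLICY = [Rule("web-from-corp", "allow", "tcp", 443, "10.0.0.0/8"),
          Rule("block-legacy-telnet", "deny", "tcp", 23, "0.0.0.0/0")]

if __name__ == "__main__":
    for target, items in compile_policy(POLICY).items():
        print(target, items)
```

The `unsupported` list is what a posture view would surface: the deny rule is enforced on the host firewall but has no equivalent in the security group, so coverage differs between the two enforcement points.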
The CSMA framework appears to offer significant benefits over the traditional IT security model.
Benefits of CSMA
CSMA is expected to assist organizations in evolving from outdated legacy security systems to an approach that offers the best of integrated cybersecurity. Fortinet notes that such integration is crucial to strengthening security, increasing operability between various security tools and improving agility.
This novel approach offers several crucial benefits, according to cybersecurity providers.
The intelligent security design of a CSMA increases the agility and resilience of an organization’s security setup. With security tools working together on the same standards of zero trust, this approach ensures that an organization’s network receives the best real-time defense against known and evolving threats.
A cybersecurity mesh is better able to handle more IAM (identity access management) requests, allowing for more mobile, adaptive, and unified access management. This means an organization will have a more reliable approach to managing access to and control of its digital assets, which are more spread out now than ever before.
This is especially significant as IBM reported that companies with a workforce that is more than 50% remote took 58 days longer to identify and contain breaches than those with less than 50% remote employees.
CSMA extends security across the entire organizational network while allowing IT departments to secure all systems and access points with a single set of interoperating tools and technologies.
With the shift towards hybrid cloud solutions and remote work, organizations are making efforts to not only integrate third-party applications and services but also to ensure that those technologies are appropriately secure.
This setup also improves the speed and efficacy of threat detection, and consequently of response and prevention strategies as well. The information gathered by each security tool can be leveraged within the ecosystem to quickly address each security threat that may crop up.
Flexibility and Scalability
A key feature of CSMA is its distributed nature, creating individual security perimeters around each access point within an entire network and ecosystem. What this allows is deep visibility of the network edges, ensuring that all areas are protected in equal measure.
The flexibility that this creates in a security system also gives organizations more agility to build new IT infrastructure and introduce new solutions as needed without compromising protection. An IT department is better able to keep up with the evolution of expanding and distributed IT infrastructure within the CSMA.
Redefined cybersecurity perimeter
The traditional “walled city” approach to cybersecurity, where a perimeter is set up around the network, may have been effective when it was first introduced. However, now that applications, data, devices, and users are operating outside of the traditional data centers and offices, CSMA becomes vital.
The redefined cybersecurity perimeter that is key to the CSMA reduces the time taken to deploy security measures and responses, as it offers a distributed identity fabric that establishes trusted access at each entry point into the network.
On that note, CSMA is also expected to reduce insider threat incidents according to Gartner. These include credential thefts and attacks by malicious insiders which can cost organizations about $15.38 million per incident.
There has been an increase in the frequency of insider threats from 60% in 2020 to 67% in 2022, in part due to the dramatic shift to remote and hybrid working as well as the “Great Resignation”. People are leaving organizations but still have access to critical data, systems, and infrastructure within the organization – this creates more vulnerabilities.
The CSMA approach of building new perimeters and layered defenses around each device and network access point could make all the difference in mitigating this issue.
Simplified Deployment and Management
The agility of a CSMA also benefits organizations by making it easier and quicker for security teams to deploy and configure new solutions. Gartner’s proposed consolidated dashboard, which makes up one of the layers of CSMA, would enable organizations to better adapt their security structure to meet evolving business and security needs.
An integrated security architecture would remove the need for security teams to switch between and operate various tools, which takes up precious time. Instead, it frees them up to focus on deploying and configuring solutions and on other critical security tasks, thereby improving efficiency overall.
Challenges of CSMA
While the benefits are many, totally overhauling the approach to security can pose several challenges.
Some key challenges include:
Ensuring proper training and support
This is a relatively new framework, and implementing it requires a significant change in mindset. Organizations that want to build a CSMA will have to make significant investments in ensuring that their IT personnel are prepared and well supported during the transition.
Ensuring a secure and simple identity-based system
A key aspect of CSMA, as mentioned before, is the newly defined security perimeter. Organizations will have to ensure that users are able to securely and easily access the network without it being a distraction that would lead to reduced productivity.
Difficult and costly to apply to an existing ecosystem
The CSMA would be much easier to incorporate during the planning stage of a security ecosystem, when discussions and reviews of security procedures can be conducted with cloud and platform providers. Organizations that are looking to make this shift with an existing ecosystem may find it more challenging to do so.
Cybersecurity mesh is at the core of zero trust philosophy. The change in mindset required to make the shift could pose a significant hurdle, not to mention the cost that it might incur to implement a system based on this approach.
Though the CSMA seems to bring with it many benefits, the challenges of making such a major shift in the security framework remain. Despite that, will CISOs and security leaders make the leap?