How security mesh can leave attackers in a tangle

Today’s cybersecurity teams have a more complex brief than ever.

More and more organisations use multiple cloud providers to manage their services. Workforces are becoming more fragmented, with workers scattered between company offices, home laptops and mobile devices. This array of different platforms, identities and workflows is offering rich pickings for cyberattackers – an attack is reported in Australia every eight minutes.

As CISOs scramble to find an effective response, one response is gathering traction. Cybersecurity mesh architecture (CSMA) isn’t a technology or tool. Instead, it’s an approach that can shape your strategy and – according to analysts Gartner – reduce the financial impact of security incidents by an average of 90%. So what is mesh architecture, and what can it do for you?

What is mesh architecture in cybersecurity?

Cybersecurity Mesh Architecture (CSMA) is a framework that aims to consildate security across different security products and environments. CSMA accepts that digital environments are diverse. Rather than trying to homogenise or simplify these ecosystems, mesh architecture says that there’s no going back to a golden age of one perimeter and one relatively predictable work environment. That genie left its bottle long ago. Rather, CSMA seeks to optimise the way disparate services work together, providing an integrated security structure that can bust siloes and safeguard assets, whether they’re on-premises, in data centres or in the cloud.

It does this via four key pillars:

• policy management, in which the organisation’s access policies configure individual tools

• security analytics, in which data from network tools is consolidated, analysed and used as a basis for security responses

• identity fabric, in which distributed identity management is used to assess and validate individual users and devices in different contexts (one of several ways that mesh shares ground with zero trust frameworks)

• security dashboards that pool reports to offer a holistic view of security

Used together, these act as a force modifier and foundation that ensures interoperability (the ability of different tools and systems to communicate) and composability (the ability of different elements to work together in different arrangements). This organising layer thus integrates different cyber solutions and guides them via company policies.

Mesh architecture can open up collaboration

By applying these foundations across different environments, mesh architecture is well qualified to tackle today’s threats:

• in fragmented, highly distributed multi-cloud environment, it offers a consolidated approach

• traditional security tools work in silos, but cyberattackers don’t: mesh helps defenders join up the dots, meaning they can see the big picture – and tackle serious vulnerabilities

• by opening communications across silos and between tools, mesh opens up collaboration and better incident response, and allows organisations to mix and match the best solutions for their workflows and strategy

• because it assesses identity and context across environments, it can manage access by a wide range of workers, partners and devices effectively: and in the modern security world these, rather perimeters and firewalls, are where control is established

• CSMA is flexible, offering a consistent posture that can be scaled up or extended across different settings

• mesh will tend to be less of a time and budget suck to deploy and maintain than more piecemeal approaches

But you need to be in it for the long haul

Central to cybersecurity mesh architecture is the core idea that environments are different, and a consistent way of managing security should work across all of them. Fittingly enough, there’s no single set of steps every organisation can follow to align themselves with CSMA. Each cloud service has a different API and security set-up, and will require different configurations. Some steps will already be part of your organisation's DNA, others may be straightforward, while some will be hard to carry out thanks to resource gaps or the lack of appropriate tech.

Indeed, the move too mesh is a transition, not a leap. It can be made more straightforward by tactics such as:

• ensuring your company understands CSMA, and is willing to commit to actionable policies to implement it

• choose from the start whether your approach will revolve around a primary vendor (which may lessen the challenges of interoperability) or a mix of solutions (allowing you to choose best-of-breed tools)

• working to eliminate silos and move beyond the concept of an old-fashioned security perimeter

• look for security tools that integrate well with others, and ensure you’ve the budget to make them a part of your mesh

• prioritise solutions with an open policy framework and use plug-in APIs that allow customisation, so you can manage and integrate them more effectively

• impose current and emerging security standards across the board – and favour vendors that are adept at meeting these standards – to reduce issues with interoperability

• move from traditional VPNs towards zero trust policies and effective identity and access management

Security mesh can leave attackers in a tangle

Cybersecurity mesh architecture can help organisations address the vulnerabilities of cloud-based hybrid work environments. It does so via foundations that govern security interactions between different parts of your ecosystem. But building this new approach will take time and company-wide buy-in. It will affect not just individual decisions, but your direction of travel. If it takes off – and the omens look good – it could shift the dial on how the entire industry approaches cloud security.