Exploring ‘Cybersecurity Mesh’: Just another tag or a paradigm shift?
Raj Meghani
Co-Founder, CMO, Head of Product & Sales @ BlockAPT
It is the new year and the security landscape is already brimming with new acronyms, tags and terminologies. Cybersecurity Mesh (CM) has hit centre stage and is a term that you will soon hear much about with regard to strategy and architecture.
As defined by Gartner, the Cybersecurity Mesh is a distributed architectural approach to scalable, flexible, and reliable cyber control. The mesh changes the focus from protecting a traditional IT perimeter (a ‘walled city’ approach) to a more modular approach that centralises policy orchestration but distributes enforcement of cybersecurity policy.
The definition is a mouthful and certainly a theme that needs to be read and visited a few times to be fully absorbed and digested.
To explore the concept of CM, we should revisit the topics I wrote about in the previous editions, namely Zero Trust and Defence-in-depth. CM is essentially an extension of these themes.
Some may question the need for another label if it is just an extension of Zero Trust. I am neutral to that debate, but I do acknowledge that Zero Trust is a very broad topic with its application across strategy and implementation.
The industry is still new to Zero Trust, and bringing CM into the mix can be overwhelming. But I do believe the fundamentals of CM are essential when it comes to security transformation.
Zero Trust – A Total Recall
According to the National Institute of Standards and Technology (NIST), Zero Trust (ZT) is the term for an evolving set of cybersecurity paradigms that move defences from static, network-based perimeters to focus on users, assets, and resources. A Zero Trust Architecture (ZTA) uses zero trust principles to plan industrial and enterprise infrastructure and workflows. Zero trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location or based on asset ownership.
Understanding Cybersecurity Mesh
There is no doubt that the pandemic’s impact on IT systems and workforces has driven the need to evolve the existing structure of the traditional security perimeter.
This is because more and more assets now fall beyond the traditional security boundary, and thus security needs to be redefined around the identity of humans or machines. As perimeter security becomes less suited to the current climate, the security approach of a walled city must evolve to match the current shift in enterprises.
Cybersecurity mesh enables scalable, flexible and reliable cybersecurity control via a dispersed architecture approach.
CM’s method of network security leads to a more standardised and responsive approach that is aimed at preventing cybercriminals from infiltrating a part of the network and spreading their access to the wider network, as in the case of Advanced Persistent Threats (APTs).
‘Meshison’ Impossible or Sensible?
As cyber defence strategies go, CM makes complete sense, as this approach secures every device with its own border security (for example, firewalls and network security tools).
Today many security practices still use traditional perimeter-centric tools to secure whole IT environments, and this has resulted in some of the big-name breaches we have seen across 2020 and 2021. CM’s holistic approach is closely linked to the ‘defence-in-depth’ principles (albeit with a distributed technique) that I widely preach and endorse.
Security infrastructure needs to be agile enough to cover the remote workforce working on the intellectual property of organisations. This kind of flexibility in security infrastructure can only be achieved by decoupling policy decisions and enforcement.
The new course of security will then essentially be mapped around identity rather than the traditional perimeter or physical boundaries. This will ensure that the right personnel have access to the right data across the network regardless of location or where data is stored.
Sure, the task is easier said than done. But it makes sense that decentralised IT and workforce environments are equally secured by a decentralised security concept, i.e. cybersecurity mesh.
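The decoupling of policy decisions from enforcement described above can be sketched in a few lines. This is an added example, not code from the original article or from Gartner; the `PolicyHub` and `EnforcementPoint` classes, the rule format and the sample identities are hypothetical and chosen only to show identity-based decisions made at distributed points from one central policy.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Request:
    identity: str           # authenticated user or machine identity
    device_compliant: bool  # posture reported by the endpoint
    source_net: str         # "office" or "remote": logged, never trusted
    resource: str

@dataclass
class PolicyHub:
    """Hypothetical central orchestration: one versioned rule set for all points."""
    version: int = 0
    grants: dict = field(default_factory=dict)  # resource -> allowed identities

    def publish(self, grants):
        self.grants = {res: frozenset(ids) for res, ids in grants.items()}
        self.version += 1

class EnforcementPoint:
    """Hypothetical distributed enforcement: decides locally from a synced copy."""
    def __init__(self, hub):
        self.hub, self.version, self.grants = hub, -1, {}

    def sync(self):
        self.version, self.grants = self.hub.version, dict(self.hub.grants)

    def decide(self, req):
        if self.version != self.hub.version:   # fail closed on out-of-date policy
            return "deny:stale-policy"
        if req.identity not in self.grants.get(req.resource, frozenset()):
            return "deny:identity"
        if not req.device_compliant:
            return "deny:device-posture"
        return "allow"                          # source_net is never consulted

def demo():
    hub = PolicyHub()
    hub.publish({"payroll-db": {"alice@corp", "svc-payroll"}})  # constructed names
    cloud, office = EnforcementPoint(hub), EnforcementPoint(hub)
    cloud.sync(); office.sync()
    out = [cloud.decide(Request("alice@corp", True, "remote", "payroll-db")),
           office.decide(Request("mallory@corp", True, "office", "payroll-db")),
           office.decide(Request("alice@corp", False, "office", "payroll-db"))]
    hub.publish({"payroll-db": {"svc-payroll"}})  # central revocation of alice
    out.append(office.decide(Request("alice@corp", True, "office", "payroll-db")))
    cloud.sync()
    return out + [cloud.decide(Request("alice@corp", True, "remote", "payroll-db"))]

print(demo())
```

Being on the office network grants nothing here: the unlisted identity and the non-compliant device are both refused from inside, and one central revocation takes effect at every enforcement point.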
Mesh essentials
As CM is a step up over the more recent tried and tested cybersecurity practices, it is essential that enterprises make sure their current strategy and technology are in line with foundations such as centralised policy management and orchestration, threat intelligence and triggers, and distributed identity and access management.
This allows for a natural transition to a meshed transformation with minimal disruption to business operations.
Closing remarks
Mesh will remain a talking point for the next few years. Gartner predicts that by 2024 mesh technology will be the cornerstone of tackling breaches and their financial impact on organisations.
Currently, mesh is largely a strategic concept, but eventually mesh technology will rely heavily on analytics and intelligence, and will likely move beyond SIEM and SOAR’s reliance on integration.
Mesh adoption will also become a building block for achieving Zero Trust, which ensures data, applications and devices are securely accessed by authorised and trusted personnel in a location-agnostic manner.
Existing identity and access management (IAM) suffers from security, scalability, reliability and privacy shortcomings, so this needs to be addressed by security technology and configured to adapt to the mesh approach. Achieving holistic security requires more investment in upskilling, risk assessments and learning, particularly from the blockchain services industry.
Paradigm shift it is then.