What is a cybersecurity mesh and why do you need one?

  • With the shift to cloud computing, you’re probably running at least some of your apps and holding some of your data in the cloud. Your cloud provider takes primary responsibility for securing the servers, storage and elements of the network that delivers apps to users’ devices — but it’s still on you to make sure the whole infrastructure is secure.
  • Users increasingly want or need to work from anywhere on any device. The Covid-19 pandemic has accelerated the move to working from home, but even before that, nearly half of employees were working away from the office at least once a week. The pandemic simply highlighted that they’re often using personal devices and connecting through consumer ISPs, mobile networks and public WiFi that aren’t covered by corporate security solutions. 
  • Digital transformation strategies — driven by a desire to become efficient, collaborate more effectively and deliver better customer service — mean partners and customers are being given greater access to corporate systems and data.
  • “Users” are increasingly no longer people but machines. Modern applications are largely constructed using API-enabled services, many of which are provided by third parties, or are communicating through APIs with the billions of devices that make up the Internet of Things. Each of those API calls needs to be authenticated and monitored to prevent malicious actors gaining access to your systems.
  • VPNs have traditionally been used to authenticate remote users and secure traffic over untrusted external networks. The abrupt shift to working from home at the start of the pandemic exposed the hard truth that VPNs can’t cope with the volume of network traffic they’ll need to handle as we move to hybrid working. At scale, they’re also difficult to manage and inconvenient for users.

Many businesses have turned to Zero Trust Network Architectures (ZTNAs) to help them handle the challenges thrown up by these complex environments. With a ZTNA, you authenticate, authorise and validate every user or entity every time they want to access network resources. While this is a significant step forward from the old “castle and moat” approach to security, many organisations have found that ZTNAs don’t scale easily, aren’t agile enough to keep pace with new risks, and don’t provide a unified view of complex environments. Without that view, the security team can’t detect and respond to attacks at speed, or easily use analytics to evaluate the effectiveness of security programmes.

That’s why many organisations are considering a new approach to securing their operations: a cybersecurity mesh.

What is a cybersecurity mesh?

Named by industry analysts Gartner, a cybersecurity mesh is a modern conceptual approach to security architecture that enables the distributed enterprise to deploy and extend security where it’s needed.

It goes beyond the ZTNA concept of creating a perimeter around each separate element in your infrastructure by allowing siloed security tools to interoperate. That means, for example, that you can set, manage and monitor policies centrally for each entry point (whether a human user or a machine identity making an API call) and then implement and enforce those policies locally using tools already in place, even if those aren’t the tools currently applied to that particular app, cloud service or network element.

To make this happen, Gartner says, a cybersecurity mesh architecture consists of four supporting layers:

  • Security analytics and intelligence, combining data and lessons from other security tools, and providing analyses of threats and triggering appropriate responses
  • Distributed identity fabric, providing capabilities such as directory services, adaptive access, decentralized identity management, identity proofing and entitlement management
  • Consolidated policy and posture management, which can translate a central policy into the native configuration constructs of individual security tools or, as a more advanced alternative, provide dynamic runtime authorization services
  • Consolidated dashboards, which offer a composite view into the security ecosystem, enabling security teams to respond more quickly and more effectively to security events
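The third layer above, consolidated policy and posture management, is the one that makes "set centrally, enforce locally" concrete: a single policy is compiled into each tool's native constructs, and the deployed state of those tools is then compared back against the policy. The following is an added illustration of that idea, not Gartner's model or any vendor's product. The two enforcement tools (a firewall allowlist and an API-gateway scope map), their native formats, the resource catalogue and the identities are all hypothetical and constructed for this example.

```python
# Added example: a minimal "policy and posture management" layer for a
# cybersecurity mesh. Illustrative code only; the tool formats below are
# hypothetical and the sample identities/addresses are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessPolicy:
    """One central, tool-agnostic rule: which identity may do what, where."""
    principal: str        # human user or machine identity (e.g. a service account)
    resource: str         # app, cloud service or network element
    actions: frozenset    # e.g. frozenset({"read"})
    require_mfa: bool = True


# Hypothetical catalogue: which enforcement tool fronts each resource, and the
# native parameters that tool needs (constructed for this example).
RESOURCE_CATALOG = {
    "payroll-app": {"tool": "firewall", "address": "10.20.0.5", "port": 443},
    "orders-api": {"tool": "api-gateway", "route": "/v1/orders"},
}


def to_firewall_rules(policies):
    """Translate central policies into the hypothetical firewall's native
    construct: one allow entry per (principal, address, port)."""
    rules = set()
    for p in policies:
        entry = RESOURCE_CATALOG[p.resource]
        if entry["tool"] == "firewall":
            rules.add((p.principal, entry["address"], entry["port"]))
    return rules


def to_gateway_config(policies):
    """Translate central policies into the hypothetical API gateway's native
    construct: route -> principal -> {scopes, mfa required}."""
    config = {}
    for p in policies:
        entry = RESOURCE_CATALOG[p.resource]
        if entry["tool"] == "api-gateway":
            scopes = frozenset(f"{p.resource}:{a}" for a in sorted(p.actions))
            config.setdefault(entry["route"], {})[p.principal] = {
                "scopes": scopes,
                "mfa": p.require_mfa,
            }
    return config


def check_posture(policies, deployed_fw, deployed_gw):
    """Compare what each tool actually enforces with what the central policy
    implies. Returns a list of findings; an empty list means no drift."""
    findings = []
    want_fw = to_firewall_rules(policies)
    for r in sorted(want_fw - deployed_fw):
        findings.append(f"firewall: missing allow {r}")
    for r in sorted(deployed_fw - want_fw):
        findings.append(f"firewall: unexpected allow {r} (not backed by policy)")
    want_gw = to_gateway_config(policies)
    for route in sorted(set(want_gw) | set(deployed_gw)):
        want, have = want_gw.get(route, {}), deployed_gw.get(route, {})
        for principal in sorted(set(want) | set(have)):
            if principal not in want:
                findings.append(f"gateway {route}: {principal} has access with no policy")
            elif principal not in have:
                findings.append(f"gateway {route}: {principal} missing")
            elif want[principal] != have[principal]:
                findings.append(f"gateway {route}: {principal} config drifted")
    return findings


# Constructed central policy: one human user, one machine identity.
POLICIES = [
    AccessPolicy("alice@example.com", "payroll-app", frozenset({"read"})),
    AccessPolicy("svc-order-sync", "orders-api", frozenset({"read", "write"}),
                 require_mfa=False),
]

# Constructed snapshots of what the two tools currently enforce.
DEPLOYED_FIREWALL = {
    ("alice@example.com", "10.20.0.5", 443),
    ("bob@example.com", "10.20.0.5", 443),   # stale entry: no policy backs it
}
DEPLOYED_GATEWAY = {
    "/v1/orders": {
        # "write" scope was never pushed, so this entry has drifted from policy
        "svc-order-sync": {"scopes": frozenset({"orders-api:read"}), "mfa": False},
    }
}


def main():
    for finding in check_posture(POLICIES, DEPLOYED_FIREWALL, DEPLOYED_GATEWAY):
        print(finding)


if __name__ == "__main__":
    main()
```

Run as a script, it reports the stale firewall entry for bob@example.com and the drifted gateway entry for svc-order-sync. Pushing the output of the two translators to the tools and re-running the check yields no findings, which is the "verifiable" property the article lists among the benefits: every control's state can be reconciled against the one policy it is supposed to implement.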

Benefits of a cybersecurity mesh

Implementing a cybersecurity mesh provides you with several advantages.

  • It’s flexible and modular, making it easier to match security measures to your organisation’s specific needs and use features from one tool — such as policy management — to control features in other tools.
  • It’s agile and adaptable, making it easier to quickly extend your security measures to protect new apps, data and users (whether they’re human or a machine).
  • It’s robust, because it’s based on the ZTNA approach of ensuring every request for access is challenged every single time, minimising the risk that a breach in one place will quickly give a malicious actor access to the wider infrastructure.
  • It’s verifiable, because it gives your monitoring and reporting tools data about every access request, so you can get a more comprehensive picture of the activity in your infrastructure and more easily use automated validation to check that controls are working as they should.
  • It’s affordable and scalable, taking far fewer resources to operate than traditional cybersecurity solutions, because it allows your team to detect and respond to threats and generate management analytics from a central point, and to eliminate duplicate security tools.
  • It’s strategic, improving the reports the CISO or head of security can provide to the board and across the business, helping to drive conversations about security effectiveness and gaps, while also improving the day-to-day work of the security team.

Components of a cybersecurity mesh

  1. People

The key step here is to ensure your security team works closely with business stakeholders and with the IT operations and application development teams, so that they’re aware of the benefits of using a cybersecurity mesh and understand the part they need to play in supporting its deployment. For example, they need to be able to specify user access requirements accurately, and to apply the relevant techniques, tools and processes both to current systems and when developing new solutions to meet future business needs. This will reduce business risk, especially during periods of change, and allow the security team to increase its effectiveness without adding significant resources.

  2. Process

As a starting point, organisations need to create an accurate and complete asset register, so they understand the technology and applications they currently have and need to access. Some businesses will already have an asset register in place, but will need to ensure it’s up to date and complete. At this stage, the organisation should also do its best to identify any shadow IT that’s being used and consider how to ensure those users’ needs are met in a secure way.

A second area to focus on involves building an understanding of the identities and roles of users, both human and machine. This will provide a foundation for defining the access each user needs, setting the policies that will control that access, enforcing those policies through technology, and ensuring existing controls are aligned with current policies. The key concepts here are identity and access management (IAM) and adopting a Zero Trust Network Architecture (ZTNA) or applying it more widely.

Finally, organisations should put in place analytics that deliver insights into how their security infrastructure is performing. This will allow the security team to evaluate whether their current controls are sufficient and identify any gaps or any areas where existing controls need to be strengthened. CISOs will also be able to use this intelligence to inform their discussions with the board and other business leaders.

  3. Technology

All too often, new security concepts can feel like nothing more than an excuse for vendors to sell more technology. However, cybersecurity mesh is actually an opportunity to identify duplicate point solutions that perform the same function for different systems and consolidate on fewer solutions or to use functions in one solution — such as policy management — to enhance other solutions. It’s likely you’ll even be able to eliminate some technologies, such as VPN access, entirely. For larger organisations with complex infrastructures, taking a cybersecurity mesh approach will almost certainly help you deliver on your broader security optimisation programme.

The key component in your new cybersecurity mesh will be a unified and consolidated approach to network edge security known as Secure Access Service Edge or SASE (pronounced “sassy”). SASE is a cloud-based package of technologies, typically delivered from a single vendor, that combines network security functions and SD-WAN capabilities to deliver dynamic secure access in line with your organisation’s specific policies.

SASE network security functions typically include a Secure Web Gateway (SWG), Cloud Access Security Broker (CASB) controls, Firewall as a Service (FWaaS) and Zero Trust Network Access (ZTNA).

You should also look to complement these core features with continuous automated security validation (CASV) tools that mimic the behaviour of persistent hackers, to ensure that the controls in your cybersecurity mesh are working as intended.

Here at BrightCyber, we help organisations like yours make sense of new concepts like a cybersecurity mesh, enabling you to identify those that will improve your security operations and then implement them. If you’d like to find out more right now about the cybersecurity mesh concept and how to implement it, get in touch with us for an initial consultation.


Registered address: 88 Crawford Street, London, England, W1H 2EJ