Gartner has predicted that “Cybersecurity Mesh Architecture (CSMA)” would be one of the top security and risk management trends for both last year and this year, which might come as a surprise to those of us who have never heard of it. Indeed, the term seems to have been roughly conceptualized by Gartner in an effort to develop a cybersecurity architecture that, in the firm’s own words, can reduce the cost of security incidents by roughly 90% over the next couple of years. That’s a bold claim, so how do they back it up?
What is Cybersecurity Mesh?
CSMA is essentially a set of recommendations issued under the governing philosophy that security tools should play nice together. Gartner has identified a growing interoperability gap between security tools, as well as significant, wasteful overlaps in what multiple tools—each paid for through its own licensing—seek to achieve. Under the framework of a cybersecurity mesh, each tool is introduced into the IT infrastructure as an integrated, carefully planned part of a greater whole.
The Perfect Storm of Cyberattacks
In a recent report, Gartner analysts predict a “perfect storm” for cyberattacks in the future, driven largely by three primary challenges to the present enterprise security landscape:
- Cyber attacks and cyber defenses are asymmetrical in nature. While attackers pursue vectors outside of a silo, organizational security is often siloed. Security tools often don’t run in concert with other tools, leaving weak spots open to exploitation.
- The defensive perimeter has become substantially fragmented, with the increase in remote work and prevalence of stray devices. Data is less centrally located, leaving the traditional perimeter of network security somewhat akin to the French Maginot Line: a powerful fortification that was easily sidestepped by invaders.
- Multicloud computing environments demand a more consolidated security approach. Often, different cloud providers will establish their own security policies, resulting in inconsistent enforcement of standards.
The report goes on to assess the modern digital landscape, criticizing the overly fragmented nature of existing security architectures. The spread of digital devices across an increasingly thin hybrid cloud has done more than strain legacy security tools; it has also placed a growing burden on computing resources. Multiple poorly implemented tools may overlap in responsibilities across multiple and sometimes redundant dashboards, administration points, and ad hoc integrations.
There’s some truth to those claims, according to a 2020 industry survey sponsored by IBM, which found that organizations on average enlisted 45 security tools, and respondents sought to dramatically reduce that number.
In view of these challenges, Gartner developed the CSMA model to rein in threats through a more holistic, collaborative focus on security.
The Cybersecurity Mesh Architecture Approach
Gartner describes CSMA as “a composable and scalable approach to extending security controls, even to widely distributed assets.” The proposed model is geared toward hybrid and multicloud environments accessed by a wide range of devices and applications. In short, the firm envisions security tools with a high degree of interoperability, running through four supportive layers that facilitate collaboration between security controls. The four proposed layers are:
- Security Analytics and Intelligence: Processes data from past cybersecurity attacks to inform future action and trigger responses.
- Distributed Identity Fabric: Decentralized identity management and directory services.
- Consolidated Policy and Posture Management: Integrates individual security tool policies into a greater unified whole.
- Consolidated Dashboards: Single-pane management of the security ecosystem.
Gartner makes some additional recommendations to better integrate security frameworks:
- Select security tools on the basis of interoperability, and invest in developing a common framework.
- Select vendors with open policy frameworks so policy decisions can be delegated from outside the tool.
- Select aggressive, forward-thinking vendors.
- Adopt multi-factor authentication and zero-trust architecture.
- Transition away from VPNs and adopt zero-trust, cloud-based access management.
Single or Primary Vendor Security
Many of the concepts advanced under the label “Cybersecurity Mesh Architecture” can largely be distilled into a simple solution: single or primary vendor security. If security tools are failing to work in concert, then it may be time to consolidate on a security stack from a sizable vendor such as IBM or Symantec. In Gartner’s own report on CSMA, the company cites positive outcomes from this approach, such as improved dashboard integration and reductions in licensing costs.
There will still be a need to adopt specific out-of-vendor tools to fill niche roles, and under the guidance of Gartner’s CSMA report, those tools should be carefully integrated into the existing security stack using open standards or APIs.