This blog is part of a series to help organizations of any size optimize their security. Our experts provide insights and recommendations based on common security use cases, customer questions, and security software developer needs.
It’s a common pain point: Organizations want and need to resolve security technology silos to harden their security posture. The solution? Coined by Gartner as a 2022 technology trend, a cybersecurity mesh architecture (CSMA) refers to an approach that integrates security tools into a scalable, collaborative ecosystem. Its promise lies in its inherent ability to create much more stable and reliable security than other security architectures.
While CSMA is currently more of a concept than a concrete end-to-end solution, it holds promise as a viable framework to account for everything from analytics and controls to threat hunting and Zero Trust objectives.
Why should an organization consider implementing CSMA?
The increasing complexity of multi-cloud and hybrid cloud environments along with expanding attack surfaces due to changing workforce models are creating more and more layers of possible vulnerabilities and interoperability gaps. ZDNet estimates most organizations deploy an average of 47 cybersecurity technology solutions, which creates unmanageable complexity and hours of required maintenance to keep each solution running optimally.
CSMA tackles these issues by using composable technologies coupled with strong standards and policies to create an ecosystem of security tools that integrate across all its components for maximum security.
Does CSMA work with Zero Trust?
CSMA isn’t a replacement for Zero Trust. Instead, it incorporates Zero Trust as one of its foundational layers. While Zero Trust is based on the principles of identity and access management and authentication, CSMA seeks to ease the transition to Zero Trust through adaptive and scalable services, tools, and processes.
What makes CSMA more scalable than other security architectures?
Pretend you’re building with interconnecting blocks. You can add pieces anywhere you want to create your design, or you can take some out if you don’t need them in a certain spot anymore.
If you want to add or remove pieces only in certain circumstances, you can do that, too. A big plus is that all the pieces work together no matter how often you add them in or remove them.
That’s the concept of composable technology, and it’s the backbone of what makes CSMA scalable, agile, and responsive. Composable technology allows for pools of both real and virtualized resources to meet computing needs as they arise.
Most security architectures today include tools and technologies that do not work seamlessly together, resulting in security gaps.
How does CSMA work?
A key tenet of CSMA is to compose a set of computing tools and resources using a unified API (application programming interface), allowing this pool of available resources to be automatically requested as needed for specific applications or workloads.
In the case of security, composable technology allows users to take their existing applications and right-size delivery without forcing those applications into static or siloed hardware. Solutions within CSMA take an API-first approach: They prioritize the connections between hardware and software while incorporating rigorous sets of security standards and policies in those connections. When this happens, the connections become more secure and take precedence as the process drivers, making hardware a secondary concern.
Under the umbrella of CSMA, the new connections created using a unified API merge artificial intelligence, machine learning, and automation to scale an organization’s security with minimal complexity.
What role do standards and policies play in CSMA?
The Zero Trust mindset easily translates into CSMA. All data, systems, and equipment should be accessed securely regardless of location or how widely distributed an environment may be.
CSMA brings in the discipline of governance to the Zero Trust mindset, with standards and policies enforced through every API connection created to enable the highest possible level of security. A central policy mechanism that acts throughout the entire ecosystem is paramount to grant, deny, or revoke access to any authentication request: individual, endpoint, workload, or network component.
Enforcement and continued administration of these policies across every device and resource is key for CSMA to work as intended.
How do you know it’s working?
Part of IT’s responsibilities in maintaining any security architecture includes reporting results upwards, and CSMA is no different. The best way to do this is to establish KPIs (key performance indicators) that show how your CSMA is delivering the expected results.
Determining which KPIs are essential to track and report before implementing CSMA is important to help determine how certain connections are composed within the ecosystem. Certain KPIs may be high level, such as how your CSMA strategy affects overall business outcomes or how your organization is meeting required frameworks, such as NIST.
Other necessary KPIs may be more technical and actionable at the team level. Some to consider include:
- Number of intrusion attempts
- Mean time to detect
- Mean time to respond/resolve
- Number of systems with known vulnerabilities
- Number of SSL certificates configured incorrectly
- Volume of data transferred using the corporate network
- Number of users with the highest access levels
- Number of connection ports open at any given time
- Frequency of third-party access
- Delays and downtime
The above is simply a starter list, and the KPIs your organization chooses to track will depend on its unique environment and CSMA ecosystem.
Get started on your cybersecurity mesh architecture journey
If you’re not sure about your security posture or how your organization’s security tools and solutions are currently working together, a security assessment can help you develop a clear view of your current state and possible remediations. Visit the Professional Services for Security resources section for overviews on the different types of assessments available.
For more support, read the first blog in this series, “The Security Toolbox: Building a SOC on a Budget,” which outlines the common tools and methodologies for a security operations center.