There are several factors that have made the job of defending enterprises against attack more difficult than ever. A root cause of the problem is the continuing growth of cybercrime, which cost companies over $6 trillion in 2021 and shows no signs of abating.
The dramatic rise in remote work, with 74% of US companies either already using or planning to implement the hybrid work model on a permanent basis, has vastly expanded the attack surface available to cybercrime organizations. Further complicating the security challenge is the rise of multi-cloud deployments. According to one report, 82% of organizations with $1B or more in revenue use three or more clouds, up from 66% last year.
Security teams now need to deal not only with conventional on-premises security but with edge security and security in multiple clouds as well. To manage all this, the average enterprise operates 75 different security tools, most of which are incompatible. When an attack occurs, security ops teams may have to go back and forth between half a dozen different dashboards to get a full picture of what’s happening.
The Cybersecurity Mesh Architecture
Cybersecurity Mesh Architecture (CSMA), an architectural approach proposed by Gartner, creates an intelligent layer on top of existing security products. This simplifies the work of security teams and also gives them more power to deal with exploits rapidly and effectively. CSMA has four components, referred to by Gartner as layers, and they all have significant benefits.
- Centralized security and analytics. In a CSMA, data from disparate sources are consolidated and analyzed in real time. This gives security teams a comprehensive picture of a threat and can also trigger an appropriate response, which may be manual or automated.
- Distributed identity fabric. This layer handles directory services and provides authentication and authorization capabilities that are better suited to today’s distributed environments.
- Consolidated policy management. CSMA lets security teams create a single set of policies and then transmit them to various individual security tools so that these tools are properly configured with no need for manual intervention. The result is policies that are consistent enterprise-wide, with much less work when changes are needed.
- Consolidated dashboards. The ability to see a composite view of the enterprise’s security ecosystem on a single pane of glass is a game-changer for security ops, as it dramatically simplifies threat management and leads to faster, more effective responses.
Of these four, the identity fabric deserves special attention, primarily because it enables identity-driven security. Identity is emerging as a critical element of the security stack since it is considered to be the new “network edge,” especially in the cloud, where identity is the primary control used to protect sensitive applications and data.
Identity and access management (IAM) systems provide context about events to the CSMA that would not otherwise be available. Who is the user? Has this happened before? When? How many times? The information gathered by IAM can reveal suspicious activity by itself. For example, if a “customer” accesses a bank account ten thousand times in one day, there’s obviously a problem. Given the dispersed nature of today’s IT infrastructures, with vulnerable resources at the core of conventional networks, on the edge, and in multiple clouds, many security professionals have come to believe that “identity is the new firewall.”
Challenges and Best Practices
Deploying a modern identity fabric does present challenges. IAM systems have traditionally been deployed over time to solve specific problems, without much long-term planning. The result is a collection of identity silos. This is complicated by the fact that IAM systems are architected and deployed with only superficial compatibility in mind. Furthermore, each IAM system becomes tightly coupled with each application on a one-to-one basis.
In order to obtain the full benefits that an identity fabric can contribute to CSMA, consider these best practices.
- Use an orchestration layer that can integrate various IAM systems and eliminate the need for one-to-one integrations with applications.
- Feed security risk signals into the CSMA via the identity fabric to provide granular context that makes it easier to detect potential threats.
- Choose standards-based technologies to ensure interoperability.
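The IAM context questions raised earlier (who, has this happened before, when, how many times) and the practice of feeding risk signals through the identity fabric can be sketched as follows. This is an added example, not code from the article or from Gartner; the two silo schemas, the sample events, and the `ratio` and `floor` thresholds are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timezone

DAY0 = datetime(2024, 5, 1, tzinfo=timezone.utc)
# Constructed sample events from two hypothetical identity silos with different schemas.
SILO_A = ([{"user": "alice@example.com", "ts": f"2024-04-30T09:0{i}:00"} for i in range(3)]
          + [{"user": "alice@example.com", "ts": f"2024-05-01T09:0{i}:00"} for i in range(4)]
          + [{"user": "bob@example.com", "ts": f"2024-04-30T10:0{i}:00"} for i in range(2)])
SILO_B = [{"principal": "BOB@EXAMPLE.COM", "time": int(DAY0.timestamp()) + 8 * i}
          for i in range(10_000)]

def normalize(event):
    """Map either silo's record onto (identity, UTC timestamp)."""
    if "principal" in event:  # silo B: upper-case principal, epoch seconds
        return (event["principal"].lower(),
                datetime.fromtimestamp(event["time"], tz=timezone.utc))
    # silo A: ISO 8601 string, assumed here to be UTC
    return (event["user"].lower(),
            datetime.fromisoformat(event["ts"]).replace(tzinfo=timezone.utc))

def risk_signals(events, day, ratio=20, floor=100):
    """Answer who / how many times / when / seen before for each identity active on `day`."""
    per_day = defaultdict(lambda: defaultdict(list))  # identity -> date -> timestamps
    for ev in events:
        who, when = normalize(ev)
        per_day[who][when.date()].append(when)
    signals = []
    for who, days in per_day.items():
        today = sorted(days.get(day, []))
        if not today:
            continue
        history = [len(v) for d, v in days.items() if d < day]
        baseline = max(history, default=0)
        signals.append({
            "identity": who, "count": len(today),
            "first": today[0], "last": today[-1],
            "seen_before": bool(history), "baseline_max": baseline,
            # Flag only bursts that are large and far above this identity's own history.
            "suspicious": len(today) >= floor and len(today) > ratio * max(baseline, 1),
        })
    return sorted(signals, key=lambda s: -s["count"])

if __name__ == "__main__":
    for s in risk_signals(SILO_A + SILO_B, DAY0.date()):
        print(s["identity"], s["count"], s["first"].isoformat(), s["suspicious"])
```

Because both silos are normalized to one identity key before counting, the burst recorded in one silo is judged against the baseline recorded in the other, which separate per-silo dashboards would not show.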