The Role of Identity in Cybersecurity Mesh Architectures


Posted on by Eric Leach

There are several factors that have made the job of defending enterprises against attack more difficult than ever. A root cause of the problem is the continuing growth of cybercrime, which cost companies over $6 trillion in 2021 and shows no signs of abating.

The dramatic rise in remote work, with 74% of US companies either already using or planning to implement the hybrid work model on a permanent basis, has vastly expanded the attack surface available to cybercrime organizations. Further complicating the security challenge is the rise of multi-cloud deployments. According to one report, 82% of organizations with $1B or more in revenue use three or more clouds, up from 66% last year.

Security teams now need to deal not only with conventional on-premises security but with edge security and security in multiple clouds as well. To manage all this, the average enterprise operates 75 different security tools, most of which are incompatible. When an attack occurs, security ops teams may have to go back and forth between half a dozen different dashboards to get a full picture of what’s happening.

The Cybersecurity Mesh Architecture

Cybersecurity Mesh Architecture (CSMA), an architectural approach proposed by Gartner, creates an intelligent layer on top of existing security products. This simplifies the work of security teams and also gives them more power to deal with exploits rapidly and effectively. CSMA has four components, referred to by Gartner as layers, and they all have significant benefits.

  • Centralized security and analytics. In a CSMA, data from disparate sources are consolidated and analyzed in real time. This gives security teams a comprehensive picture of a threat and can also trigger an appropriate response, which may be manual or automated.
  • Distributed identity fabric. This layer handles directory services and provides authentication and authorization capabilities that are better suited to today’s distributed environments.
  • Consolidated policy management. CSMA lets security teams create a single set of policies and then transmit them to various individual security tools so that these tools are properly configured with no need for manual intervention. The result is policies that are consistent enterprise-wide, with much less work when changes are needed.
  • Consolidated dashboards. The ability to see a composite view of the enterprise’s security ecosystem on a single pane of glass is a game-changer for security ops, as it dramatically simplifies threat management and leads to faster, more effective responses.

Of these four, the identity fabric deserves special attention, primarily because it enables identity-driven security. Identity is emerging as a critical element of the security stack since it is considered to be the new “network edge,” especially in the cloud, where identity is the primary control used to protect sensitive applications and data.

Identity and access management (IAM) systems provide context about events to the CSMA that would not otherwise be available. Who is the user? Has this happened before? When? How many times? The information gathered by IAM can reveal suspicious activity by itself. For example, if a “customer” accesses a bank account ten thousand times in one day, there’s obviously a problem. Given the dispersed nature of today’s IT infrastructures, with vulnerable resources at the core of conventional networks, on the edge, and in multiple clouds, many security professionals have come to believe that “identity is the new firewall.”

Challenges and Best Practices

Deploying a modern identity fabric does present challenges. IAM systems have traditionally been deployed over time to solve specific problems without much long-term planning. The result is a collection of identity silos. This is complicated by the fact that IAM systems are architected and deployed with only superficial compatibility in mind. Furthermore, each IAM system becomes tightly coupled with each application on a one-to-one basis.

In order to obtain the full benefits that an identity fabric can contribute to CSMA, consider these best practices.

  • Use an orchestration layer that can integrate various IAM systems and eliminate the need for one-to-one integrations with applications.
  • Feed security risk signals into the CSMA via the identity fabric to provide granular context that makes it easier to detect potential threats.
  • Choose standards-based technologies to ensure interoperability.

In the typical enterprise, security tools, including firewalls, anti-virus, intrusion detection, etc., and IAM systems have evolved independently, but for an effective CSMA, they need to work together. This is an achievable goal, and the first step is eliminating identity silos.
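
As an added example (not from the original post or from any vendor's product), the Python below normalizes sign-in events from two hypothetical IAM silos into one schema and emits a risk signal when an identity's daily access count for a resource exceeds a limit, as in the bank-account case described earlier. The event formats, the `EXAMPLE\user` to `user@example.com` mapping rule, the threshold and all sample data are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

DAILY_LIMIT = 1000  # assumed per-identity, per-resource daily threshold
DAY0 = datetime(2024, 3, 1, tzinfo=timezone.utc)  # constructed date

# Constructed events from two hypothetical IAM silos with different schemas.
CLOUD_IDP = [{"sub": "alice@example.com", "time": "2024-03-01T09:00:00+00:00",
              "app": "accounts"}]
# One "customer" reaching the accounts app 10,000 times in a day (every 8 s).
CLOUD_IDP += [{"sub": "customer7@example.com", "app": "accounts",
               "time": (DAY0 + timedelta(seconds=8 * i)).isoformat()}
              for i in range(10_000)]
LEGACY_DIR = [("EXAMPLE\\alice", int(DAY0.timestamp()) + 3600, "accounts"),
              ("EXAMPLE\\bob", int(DAY0.timestamp()) + 7200, "payroll")]


def normalize():
    """Map both silo schemas onto (identity, time, resource, source)."""
    for e in CLOUD_IDP:
        yield (e["sub"].lower(), datetime.fromisoformat(e["time"]),
               e["app"], "cloud-idp")
    for account, epoch, app in LEGACY_DIR:
        # Assumed mapping rule: DOMAIN\user -> user@example.com
        user = account.split("\\", 1)[1].lower() + "@example.com"
        yield (user, datetime.fromtimestamp(epoch, tz=timezone.utc),
               app, "legacy-dir")


def risk_signals(limit=DAILY_LIMIT):
    """Who, when, how many times: flag identities over the daily limit."""
    ctx = defaultdict(lambda: {"count": 0, "first": None, "sources": set()})
    for identity, when, resource, source in normalize():
        c = ctx[(identity, resource, when.date())]
        c["count"] += 1
        c["first"] = when if c["first"] is None else min(c["first"], when)
        c["sources"].add(source)
    return [{"identity": i, "resource": r, "day": d.isoformat(),
             "count": c["count"], "first_seen": c["first"].isoformat(),
             "sources": sorted(c["sources"])}
            for (i, r, d), c in sorted(ctx.items()) if c["count"] > limit]


if __name__ == "__main__":
    for signal in risk_signals():
        print(signal)
```

Because both silos resolve to the same identity key, activity split across them is counted once per person rather than once per directory, which is the context a siloed deployment cannot provide.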

Contributors
Eric Leach

Co-Founder and Chief Product Officer, Strata Identity

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

