By Simeon Tassev, QSA and MD at Galix
The evolution of technology has pushed the perimeter of organisations further and further towards the edge, and we no longer have the monolithic structures we did in the past. The cloud, the Internet of Things (IoT), and even the Covid-19 pandemic accelerating the adoption of a work-from-home model have all contributed to what has, in effect, become a borderless world. This means that the traditional approach to security of locking down the perimeter is simply no longer enough. The perimeter cannot be easily defined, and the way in which we access services has fundamentally changed. Cybersecurity mesh has emerged as a framework to address this challenge, with a distributed security architecture that more effectively meets the demands of today’s landscape.
Trust no one
With IT infrastructure so widely distributed and access so open, traditional perimeter security approaches simply do not work. Once a threat is inside, it can do untold damage. Organisations can’t rely on their brick walls and fortresses to protect them from cyberthreats, because so many devices need to connect from outside of those walls. Zero-Trust Networking (ZTN) evolved as a result, based on the premise that no device, user or entity is trusted until it can prove it is trustworthy.
One of the criteria required to earn this trust is the ability to uniquely identify, without a doubt, who or what is attempting to connect. This is the basis of cybersecurity mesh, which focuses on the unique ID of the person or device instead of the network. Every person or connected device has an identifier, and cybersecurity mesh uses this to enforce controls based on identity and the policies defined around it. As digital transformation continues to accelerate and we move further into the fourth industrial revolution, this becomes critical to effective cybersecurity.
Cybersecurity mesh, as the name implies, is a framework or concept that weaves together a variety of technologies, including software-defined WAN (SD-WAN), Cloud Access Security Broker (CASB), traditional endpoint protection, Secure Access Service Edge (SASE) and ZTN.
Like any woven fabric, it can be made of different fibres, and the fibres used will depend entirely on the needs of the organisation. Taking the fabric analogy further, there is no one-size-fits-all approach. Different fabrics, different garments and different sizes are all suitable for different people and different occasions – a bulletproof vest might be necessary for a security guard, but a person visiting the gym would do better in a sweat-wicking shirt. The same holds true of cybersecurity mesh for businesses. One business might need higher levels of protection, while another might need something a little more breathable.
In addition, much like a woven fabric, there will always be holes. The bigger and more distributed the landscape, the harder it is to protect from all possible scenarios. It is critical to focus on what is important, which is specific to an individual organisation. In a highly connected world, businesses have to have the right processes and controls in place to block threats, and to detect and mitigate them if they do penetrate. Otherwise, those threats could potentially sit for years without detection.
Understanding is key
To ensure adequate protection, it is essential to utilise the most appropriate weave of technologies for each use case. However, it is all but impossible to do this if a business does not, first and foremost, understand the use case involved.
For example, if an employee is in their home and connecting via secure WiFi, the controls required would be vastly different from those needed to secure an employee connecting via public Internet in an airport. The levels of access permitted in each scenario should also not be the same. Endpoint protection and CASB can help to control access to cloud-based storage, but this means that the right agent needs to be installed on the device.
The threat landscape has become complex, and so too has the protection required to safeguard organisations in a borderless world. Understanding is fundamental to solving some of the complexity. Questions that need to be asked include: what is the business case for allowing access, and is the flexibility required worth the risk involved? It is also important to bear in mind that remote working is absolutely the future, so businesses need to be prepared and have the right strategy in place to handle this.
The more controls in place, the more effective the protection, but this comes at a cost. Organisations must weigh up the risks, costs and benefits to decide on what level of security they require, and whether the impact in terms of speed, flexibility, operations and cost will justify it. Cybersecurity mesh is not a technology, but a framework that helps organisations weave the fibres of their security into a specific design that helps to manage and mitigate identified risk at levels acceptable to the business.
Understanding potential risk and mitigating it is a journey all businesses need to undertake. Engaging with the right partners can help to ensure that the right fibres are woven into the cybersecurity mesh, so that security meets the requirements of business today and as we move into an uncertain future.