CSMA as a Strategy
Earlier this year, Gartner raised a significant question about the growing gap of interoperability between security tools. There are a number of reasons why modern security is often siloed. As our understanding of cyber crime grows, new attack surfaces increase the need for specific solutions to address each exposure. These solutions are often ad hoc integrations that create an overlap in responsibilities across multiple (often expensive) platforms.
Additionally, the shift to remote work caused by the pandemic didn’t help. Organizations struggled to fully migrate to the cloud and fortify security measures across a fragmented defense perimeter. Another hurdle is presented when you take a look at the evolution of criminal tactics. Attackers don’t think in silos the way organizations do. Therefore, cyber attacks aren’t symmetrical to cyber defenses. Attacks are increasingly focused on external resources outside of the traditional perimeter: IoT, the public cloud, software supply chains, and the trade of stolen data. All of these challenges compound upon each other to push the industry forward into fresh cycles of how we think about cyber security. Enter Cyber Security Mesh Architecture (CSMA).
Gartner coined the term CSMA and named it a top security trend of 2022. The term “cyber security mesh” has been around for a while, but what exactly is CSMA? Well, it’s more of a strategy than an architecture. With CSMA, organizations are encouraged to deploy security solutions that play nice with each other, rather than security tools working in silos. Security mesh solutions are designed to bring together disparate security controls to reduce the complexity and time required to detect, investigate, and respond to incidents. Another way to think about CSMA is as end-to-end Zero Trust Networking (ZTN). In a zero-trust environment, all subjects are continuously vetted; all traffic is encrypted; and user health, device health, and session context are all assessed before access is granted to the network.
CSMA is designed to make security more scalable by modularizing security functions and enabling them to interoperate through a set of supportive layers:
- Security Analytics and Intelligence: Solutions at this layer focus on processing data from past attacks to inform future action and trigger appropriate responses. Think SIEM and SOAR tools. UEBA tools also play in this space as they work to detect behavioral anomalies, reduce insider attacks, and gather contextual data.
- Distributed Identity Fabric: This layer provides the identity and access management essential to a ZTN model. Capabilities should include decentralized identity management, directory services, identity proofing, entitlement management, and adaptive access.
- Consolidated Policy and Posture Management: This is an integration layer for IT personnel to translate security policies across various environments or tools. It allows policies to be enforced consistently within a greater unified whole.
- Consolidated Dashboards: Disconnected security solutions often mean that operations teams must switch between multiple dashboards. CSMA requires single-pane management of the security ecosystem.
According to Gartner, “By 2024, organizations adopting a CSMA will reduce the financial impact of security incidents by an average of 90%.”
If your disparate security tools aren’t working well together, then it might be time to consider a consolidated security stack from a Volta partner like IBM or Fortinet. This approach has the innate benefits of improved dashboard integration and reductions in licensing costs. Even if you engage with one large vendor, there’s still a need to adopt out-of-vendor tools to fill niche roles. Volta has been building out our own flexible mesh architecture, which we utilize to manage security for some of our clients. Start a conversation with us if you’re interested in learning more.
The technology industry might not be in the perfect position to embrace CSMA, but with tastemakers bringing it to the forefront, a philosophical shift towards this type of strategy could drive the market, which in turn will influence how organizations adopt these architectures over time. CIOs know that interoperability is a key factor in creating the most secure environments for their businesses. These questions remain: “Which path do you choose to get there?”, “At what cost?”, and “At what point in time do you make the leap?”