What is Cybersecurity Mesh Architecture?

Cybersecurity mesh architecture (CSMA) provides a security support layer to enable distinct security services work together, improving security agility for the composable digital enterprise. CSMA provides a flexible and scalable foundation that provides platform-like security by bolting on protections for assets in a multi-cloud, SaaS-driven environment — composable security for the composable enterprise.

CSMA creates a security posture through integrated security tools, each of which are normally siloed and tailored to a specific computing or informational environment, such as IaaS, virtual machines, SaaS, identity, data, and endpoints. Typically, security controls have been developed for a specific IT object.

Identity Security

CSMA allows for an identity-based approach to security and protection, infusing security into the identity control fabric to combat the increase in security complexity by adapting security systems to be more integrated, focusing on centralized administration and decentralized policy enforcement — delivered through identities.

CSMA Support Layers

Organizations deploy supportive layers for a long-term CSMA strategy and use the best-of-breed approach from the start — ensuring key pillars for CSMA’s long-term success. CSMA embraces the composability, scalability and interoperability of security controls, thereby applying protection congruent with the composable digital enterprise.

Cybersecurity mesh architecture (CSMA) provides four foundational layers to enable distinct security controls to work together in a collaborative manner and facilitate their configuration and management.

Security Analytics and Intelligence

Combine data and information, lessons learned, and insights from other tools to provide analysis for risks and threats, as well as trigger correct responses given the security intent or outcome. Security analytics has traditionally been the hallmark of tools like security event and information management (SIEM) and orchestration platforms for triggering responses like security orchestration, automation, and response (SOAR). With the addition of threat intelligence, often native to SIEM and endpoint tools, security teams can leverage this support layer and the knowledge it contains for tailoring defenses for composable assets.

Distributed Identity Fabric

Today, the distributed identity fabric is how, when, and where the enterprise makes contact with SaaS services and apps. To solve the challenge of composable security, then, security leaders must focus on identity — the point at which security can be realized. The distributed identity fabric is inextricably connected to SaaS security, because of the two-pronged challenge of the composable digital enterprise: 1) identity sprawl, 2) where it sprawls (SaaS). The identity fabric is already distributed and shows itself through SaaS-identity relationships, connections, and contexts.

Given the interdependency of identities and technologies, securing the composable enterprise is most effective when oriented around identities — the only available corporate asset in continuous relationship with the SaaS service. Identities consume composable technologies (e.g., SaaS) directly, so it is important for cybersecurity mesh architecture to concentrate on the distributed identity fabric.

Consolidated Policy and Posture Management

Translate a central policy into the native configurations for security tools (one or many) or, as a more advanced alternative, provide dynamic runtime authorization services across cloud and infrastructure environments, including platforms-as-a-service (PaaS).

Securing workloads starts with security policies tuned for cybersecurity mesh architecture, thereby demonstrating the target state of the composable environments. By taking a global view of all environments, consolidated into a single posture framework, security teams can more quickly mitigate risks most relevant to them regardless of the composition of their unique environments.

Consolidated Dashboards

Rather than examining security posture from environmental-specific dashboards and portals (CSPM for cloud, EPP for endpoint), security teams can have a consolidated view of posture, rooted in identity. Consolidated dashboards offers a composite view of the composable security ecosystem, enabling a “cockpit” for security teams to more quickly respond to risks and threats.

Existing approaches to identity and security architectures are not sufficient to meet today’s rapidly changing demands. CSMA helps provide a common, integrated security structure and posture to secure all assets, whether they’re on-premises, in data centers or in the cloud. CSMA enables stand-alone solutions to work together in complementary ways to improve overall security posture by standardizing the way the tools interconnect.

Related Blog Posts

How Cybersecurity Mesh Architecture Can Enhance SaaS Security

What Is Cybersecurity Mesh Architecture (CSMA)?

Talk to an Expert

Request a consultation and receive more information about how you can gain visibility to shadow IT and control access to these apps.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.