Skip to main content

Developing a cybersecurity mesh

security
(Image credit: Shutterstock / Rabbit_Photo)

The way we live and work has changed drastically over the past several years and Covid has only accelerated certain trends and practices. Many were already working from home before 2020 and many businesses were in the process of developing a functional hybrid working model. As with any structural changes to a business – be they physical or not -- the way we deal with and enact cybersecurity also has to evolve and shift. As a result of a dramatic and almost overnight shift to how most of the country operated, 2020 presented a serious challenge to the cybersecurity paradigm of component-based security with hard security boundaries and associated security domains, as business needs and operations have shifted from traditional practices.  

With a greater demand for flexibility and agility, rigidly structured cybersecurity defenses, once robust, are now increasingly unfit for purpose. Hacks and ransomware have exposed to the public that our protective systems are failing like never before. 

There is no denying that cybersecurity teams have found themselves in an increasingly complex situation, but the last few years have been a period that has allowed teams to evolve their plans at a rapid rate. The adoption of the cybersecurity mesh has been accelerated by multiple drivers, including digital initiatives and the opportunity to take advantage of IoT, AI, Advanced Analytics and Cloud. 

These drivers, along with the demand for increased flexibility, reliability and agility, have led more and more businesses to adopt a cybersecurity mesh. This distributed architectural cybersecurity approach allows for greater scalability, flexibility and, crucially, reliability.

What are the driving factors? 

Working with our clients, we have identified several converging technology trends that are collectively driving the adoption of a new paradigm. These include using microservice-based architectures operating under a zero-trust framework, leveraging service mesh and entity authentication and authorization services. We’re also seeing an increasing emphasis on policy-as-code aligned to dev-sec-ops with enhanced automation, as well as the adoption of alternate trust models, such as blockchain, to provide for distributed services and a more information-centric security model, encouraged by privacy concerns as recently stressed by Schrems2.

Ultimately, the ongoing breakdown of the traditional technology stack with the increased virtualization of services and capabilities means the way businesses protect themselves is due for an upgrade.

Hackers and malicious attacks have been growing in rate and size over the past few years, seizing vulnerabilities and fears at every opportunity. Throughout 2020, it seemed like another high-profile breach or ransomware case was always dominating the news cycle. Unfortunately, this trend is already beginning to bleed into 2021, with several high-profile cases already being reported by March. 

Cybersecurity is all about matching and topping circumstance, so as the way we work changes, the way we protect our work must also adapt. After all, with change comes the exposure of new weaknesses. In ‘typical’ times, these changes happen gradually, allowing you to patch as you go. However, our world is anything but typical these days which means our cybersecurity approach needs to be as revolutionary as possible. 

By adopting a cybersecurity mesh, organizations can achieve this, as it puts information at its heart and offers the required agility at this time.

Forces for change 

Our society functions on the back of data, and we live in a world that is led and altered by information and data and actively encourages data to be given away and used. In fact, according to predictions shared in May 2020 from the International Data Commission (IDC), the total amount of data captured, copied and consumed is believed to have reached 59 zettabytes in 2020. While this is said to have dramatically increased due to Covid-19 and an abrupt increase in working from home, which has changed the mix of data created to a richer set, many still predict this number is set to increase year-on-year. Effectively, this means that data and information will continue to sit at the heart of everything we do. It's the lifeblood of business, and our ability to access information on demand in our personal lives has changed the way our society functions. 

As data and computing criticality and agility increases so too must our lines of defense evolve to match them. It means that the very defenses we employ and the protections we rely on should also be putting information at their heart. They should also rely on real-time updates and adapt as and when needed to match the trends in our society and businesses.

Adding controls

These forces for change are interwoven into a new paradigm, cybersecurity mesh. It’s a world where data and compute move around in an agile fashion in bite-sized chunks, controlled through the provision of key trust services that provide controls like asset validation, asset verification, asset integrity, authorization rights and cryptographic services. As such, deployed federated assets can be secured through policy in an agile way in diverse deployed environments. 

It might sound odd to say that this is something that allows for both flexibility and control all at once. But consider this: the very forces of information centricity is providing the means to protect it. Effectively, this allows your vital assets to be secured through a robust policy in an agile way, regardless of the environment. 

Overall, the cybersecurity mesh will continue to be a key trend in 2021 and beyond as it offers things traditional cybersecurity methods do not. It allows us to be agile, to be flexible and to be robust while providing control in a world where control can feel like nothing more than a word. Organizations have always understood the value of data and the value of protecting it, but as industries become more competitive for customer attention, customer experience will become a bigger focus and competing factor. Being able to keep private information secure, to protect your data, employees and customers, will be a base requirement for many, and the cybersecurity mesh will increasingly be adopted to help meets these needs.

Alex Baxendale, Vice President Consulting Expert, CGI in the UK

Alex Baxendale is Vice President Consulting Expert at CGI in the UK.