Gartner 2022 security trend #7: Cybersecurity Mesh

This is the seventh and final entry in our series of articles about the seven key trends identified in Gartner’s report “Top Trends in Cybersecurity 2022,” released to its clients last March. The final trend to be discussed is “Cybersecurity Mesh.”

This trend refers to the emergence of a new category of solutions and services that Gartner calls a cybersecurity mesh architecture (CSMA). In a remarkable statement of how important they consider this trend, Gartner predicts that in just over a year, the adoption of CSMA will enable organizations to reduce the financial impact of any given security incident by 90% on average.

That’s a big impact.

Forces driving the trend

Notwithstanding the effects of the vendor-consolidation trend discussed in our previous blog post, Gartner expects that organizations will continue to deploy a variety of security solutions to solve different types of security problems. And these solutions work in isolation from each other.

As long as disparate solutions are not capable of interoperating and communicating with each other, the goal of a comprehensive, dynamic security infrastructure — one whose parts adapt to adjust the overall security posture in response to security incidents — will remain out of reach.

The emerging concept of a CSMA is to act as a set of tools that enable the interoperability of multiple, disparate, stand-alone security systems. This lets different tools share and leverage real-time threat intelligence and dynamically adjust policies in response to current circumstances.

In order to accomplish this, CSMAs must employ a common threat-intelligence and analytics layer, a distributed system for identity management, and a centralized policy engine that can be managed through a comprehensive dashboard.

Building the elements of CSMA

While a truly universal CSMA solution has yet to appear, Gartner cites a number of developments being pursued by a variety of working groups and industry alliances whose output should help make true CSMA possible. These include:

• The Shared Signals and Events Working Group and the Continuous Access Evaluation Profile, both established by OpenID, aim to create a common taxonomy and vocabulary for sharing security event information and other related signals among security systems.
• The development of Identity Query Language, defined as a “declarative access policy and set of APIs that enables the mapping of a centrally managed policy into the native format of multiple clouds and application platforms.”
• The emergence of the XDR Alliance, an industry group dedicated to developing tools and protocols to simplify and streamline the application of Extended Detection and Response principles.

Potential challenges

Many vendors already provide integrated security product suites that deliver significant aspects of a CSMA. However, many of these solutions still struggle to provide truly deep integration with third-party security tools. To the extent that these vendors rely on proprietary technology, it is possible that organizations may find themselves tied to multiple solutions that cannot be integrated even with advanced CSMA protocols and tools.

Getting ahead of the trend

Gartner recommends that organizations seeking to fulfill the promise of CSMA focus their security purchasing on products that emphasize interoperability using both established and emerging standards, and that will provide strategic advantage in an environment increasingly based on cloud-delivered applications and a hybrid/remote workforce.

In addition, the evolution of your identity and access management systems should focus on an integrated identity fabric that is separate from, and interoperable with, a wide variety of security products and solutions.

Subscribe to Journey Notes