The cyber security mesh: how security paradigms are shifting

Alex Baxendale, vice-president consulting expert at CGI, discusses the rise of the cyber security mesh, and how the paradigms of cyber security have shifted The cyber security mesh: how security paradigms are shifting image

As the world around us has continually shifted over the last few decades, so too is the way we approach business and technology – and that all-important line of defence called cyber security. The traditional cyber security paradigms of component-based security with hard security boundaries, plus associated security domains (walled cities), are being undermined by the ever-increasing pressure for flexibility and agility of operations, combined with some key technological advances. But what is driving this new trend?

With more and more businesses adopting a hybrid working model, the way we deal with and enact cyber security also has to evolve and shift. What were once robust cyber security defences are now increasingly unfit for purpose, as the demand for flexibility and agility grows from a “would be nice” to a “must have”.

Without a doubt, the cyber security teams in your business are finding themselves in an increasingly complex situation. The adoption of the cyber security mesh has been effectively accelerated by several drivers, including digital initiatives and the opportunity to take advantage of IoT, AI, advanced analytics and the cloud. These drivers, along with the demand for increased flexibility, reliability and agility, have led more and more businesses to adopt a cyber security mesh. This distributed cyber security approach offers a much-needed chance for increased reliability, flexibility and scalability.

Shifting gears

In developing numerous projects and frameworks for our clients, various converging technology trends have been recognised, which are united in propelling the adoption of a new cyber security paradigm. These range from using microservice-based architectures that are operating under a zero-trust framework, to utilising entity authentication and authorisation services. We’re also witnessing a growing focus on policy-as-code aligned to DevSecOps with enhanced automation, alongside the adoption of alternate trust models to provide distributed services, and a more information-centric security model, encouraged by privacy concerns – as recently stressed by Schrems2.

Ultimately, the continued breakdown of the traditional technology stack with elevated virtualisation of services means the way organisations look to protect themselves is set for an upgrade.

Effective cyber security is about being able to match and marry your protection to the circumstances in the world around it. As a society, as technology and even government policy begins to change, so will your points of exposure. Of course, the past year has seen an acceleration in these changes, and this has demonstrated that businesses should be as prepared for the unlikely as they are for the likely, which is exactly what a robust cyber security plan should look like.

Ultimately, it’s embracing tools like a cyber security mesh that will enable organisations to successfully do this, as raw information sits at its heart, meaning informed decisions can be made with an unparalleled agility level.

A new offering

Having to shift your cyber security plans and structures continuously can seem daunting. However, with greater control and level of agility, the cyber security mesh makes this a much less terrifying prospect.

The cyber security mesh allows data and compute to move around in an agile way in smaller, more manageable chunks and controls them by providing key trust services. This, in turn, allows greater control through things likes asset verification and validation, cryptographic services and even authorisation rights, so deployed federated assets are secured through policy in diverse deployed environments.

It is this exact combination of flexibility and control that you are unable to find with other methods, allowing your vital assets to be secured through a robust policy regardless of environment.

The impact

In this day and age, business runs off of data – organisations are directed by information, and they actively encourage customers, clients and employees to share data to use and give away. It’s the lifeblood of enterprise, and our ability to access information on demand in our personal lives has impacted the way we expect data to be used and managed in our professional lives.

With data sitting at the heart of a business’s structure, your cyber security models need to encircle it to protect it from all angles. As such, there is a growing move towards a policy-centric model, which in and of itself will have an impact on organisational structure. The need for greater flexibility and agility will also enable increased use of automation, which will allow for responses to crisis to be flagged and dealt with more swiftly than before.

The cyber security mesh will continue to remain a key trend in 2021, as it provides necessary benefits which traditional cyber security methods simply can’t, including agility, flexibility, adaptability and reliability. While we understand the value of data and the value of protecting data, being able to keep this information private and secure will set businesses apart from one another, strengthening services and products as whole.

Source: https://www.information-age.com