The second of Gartner’s “Top 8 Cybersecurity Predictions for 2021-2022” relates to one of their highlighted “Top Strategic Technology Trends of 2022” — cybersecurity mesh, also known as cybersecurity mesh architecture (CSMA).
By 2024, organizations adopting a cybersecurity mesh architecture will reduce the financial impact of security incidents by an average of 90%.
The advent of decentralized technology and access affects all organizations today to some degree; however, cybersecurity mesh architecture will be especially important to organizations that fully embrace remote working. These organizations may also employ many third-party contractors or have a geographically dispersed workforce. In general, any organization in which the majority of work isn’t organized into centralized, highly controlled units.
It’s important that even companies that return to a mostly office-based office environment adopt CSMA because it’s almost impossible to stop employees from working remotely on occasion or accessing data or applications (like email) from their personal devices or the company’s mobile devices on an uncontrolled network.
The concept of cybersecurity mesh builds on another popular trend in cybersecurity, Zero Trust. By introducing the principle of “don’t trust, always verify,” Zero Trust departed from the assumption that once a device or user is verified, it remains verified. In Zero Trust Network Access (ZTNA), verification takes place in every step – as well as with data, devices, applications, and users.
The cybersecurity mesh extends that approach to include all users, devices, networks, etc. regardless of location. As more employees work outside of traditional office networks either full time or occasionally, this is increasingly important. The concept of a traditional, controlled security perimeter no longer exists for the majority of businesses today. Those organizations that continue to use this old cybersecurity approach will face major problems.
Cybersecurity mesh is a fairly new term and there aren’t many solutions that specifically address it on the market yet. Businesses interested in working toward CSMA, however, should implement or mature their Zero Trust posture. There are many cases where ZTNA extends to outside use cases, bridging into the concept of cybersecurity mesh.
Within the next two years, organizations should adopt the concept of cybersecurity mesh by working to implement comprehensive solutions that specifically address verification and remote working situations. Implementing Zero Trust is a good start, but additional solutions are likely to emerge within the next 24 months as well.