Lou Senko to lead as Chief Availability Officer (CAO) Q2hosting, security, and compliance teams to deliver an enhanced customer experience.
Let’s say you want to protect your home and belongings. There are alarm systems for doors and windows, alarm systems for garage cars, alarm systems for high-end electronics, and alarm systems for bedroom safes. You have all these different systems, but they can’t communicate with each other. So if someone breaks in through a window, it’s clear that if a malicious person breaks into one area of his, all areas are at risk, but other systems are notified to take action. It will not be.
But what if the system was connected and could act quickly to lock down the house, garage, and all assets within it whenever an anomaly was detected? If opened at 3 o’clock, the system disables overhead garage doors and car ignitions, locks all doors entering the home, and calls with an alert. If it turns out that a teenager just sneaked in through a side door, you can reset the entire system to allow access.
This is the idea behind a modern cybersecurity strategy called Cybersecurity Mesh Architecture (CSMA). CSMA is a synergistic ecosystem of tools and controls for securing modern distributed environments.
how did you get here
As I wrote in my previous post in 2021, over 93% of organizations in the cloud are using multi-cloud solutions. This means we use cloud services from multiple providers. Despite the proliferation of multi-cloud approaches, the majority of organizations still have their servers on-premises. According to a 2022 study, only 7% of organizations are cloud-only. As such, a common model is a multi-public/private cloud strategy, also known as a distributed cloud.
Previously, we treated this complex environment as a boundary. Everything was safe inside the perimeter and not safe outside. But distributed cloud structures have fragmented boundaries. This has led to a move to a Zero Trust strategy. A Zero Trust strategy assumes that no one can be trusted and that the network is under constant threat from internal and external attackers.
My company Q2 operates 14 different cloud hosting environments (including AWS, Azure, and data centers), protecting over 35 million end users and 41 petabytes of data. In such a complex environment, the challenge is to build the same robust security posture in all environments. This requires different sets of tools for public and private clouds.
Organizations operating in distributed cloud environments end up using dozens of different tools that are constantly updated, overwhelming security teams and compromising security. Every new threat requires implementing new tools or new configurations. Many of these tools need to be updated whenever changes are made to the system, all of which introduces the potential for misconfiguration and human error. Not to mention that security teams are inundated with individual security notifications from all these tools.
One solution was to put all the data in a data lake and use a SIEM (Security Information and Event Management) tool to centralize security alerts. They often use SOAR (Security Orchestration, Automation, and Response) technology. SIEM and SOAR can be used to report, analyze and act on anomalies (suspicious activity). The problem with this architecture is that it cannot process huge amounts of data in real time and requires human involvement in responding. By the time humans are notified, triaged, and acted, the system is already under attack.
Enter CSMA, which removes the monitoring, analysis, correlation, and human elements from the equation. Instead, when one tool detects a threat, it notifies other tools, often using AI to determine and take the best response. The result is less management complexity, fewer errors, better visibility, and better coordinated automated responses in real time. Additionally, tools can be updated and managed from a central plane.
Mesh architecture is neither a product nor a service. It’s a strategy. It starts with vendors working with customers to buy into this vision. Instead of feeling threatened by having to do everything for everyone, vendors understand the empowerment that comes from working together.
We have several major vendors starting to consolidate with roadmaps for the next six months and have the ability to reach out to other vendors and persuade them to join our network. Once one vendor sees the benefits and customers talk about how this mesh has enhanced her architectural vision, other vendors start integrating and gaining traction.
All this is driven by the market. We need to come to the general idea that working together makes us all stronger, and if you (being a security tool) can’t connect to the mesh, we don’t need you. managed separately. This means it is a single point of failure that reduces the overall effectiveness of all other tools. Must play in this new game. Otherwise we can’t afford to get you.
In 2022, Gartner named CSMA one of the top 7 cybersecurity trends and predicted that by 2024, organizations adopting mesh architectures would reduce the economic impact of individual security incidents by an average of 90%.
It’s imperative to not only add CSMA to your strategy, but make sure you’re implementing tools that allow you to take the next step with integration.
If you think you can afford to ignore the cybersecurity mesh, consider: In 2021, there were at least 66 known zero-days (new vulnerabilities with already known exploits). That number was almost double the number in 2020. You have to move faster.
The Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. am i eligible?