Cybersecurity Mesh: Just Another ZTN Model Or a Paradigm Shift?

essidsolutions

In a security landscape flooded by acronyms, abbreviations, and labels, another has emerged: the cybersecurity mesh. By definition, it is an extension of zero-trust networking (ZTN), but do we really need another label? Isn’t it just ZTN under a different name? This article explores and tries to answer these questions.

Zero Trust Network (ZTN)

Before looking at cybersecurity mesh (CM) applications, it is crucial to understand the concept of a zero-trust network. As I wrote in a previous article, ZTN implementations assume all network segments and attached resources are hostile. Perimeters are established around resources (objects) that users and other entities (subjects) access. NIST SP 800-207, Zero Trust Architecture, defines a zero-trust architecture as one designed "…to prevent data breaches and limit internal [emphasis mine] lateral movement."

To access objects, subjects must be continually vetted; a ZTN never assumes that because a subject authenticated once to the network, it remains uncompromised and trustworthy. ZTN objectives include:

  • Authenticating to applications instead of networks
  • Removing all applications from direct public visibility
  • Assessing user and device identity, device health, and session context before granting access to any application
  • Encrypting all traffic
  • Eliminating privileged network segments and security zones
  • Analyzing user and entity behavior (UEBA)
  • Using multi-factor authentication
  • Authenticating all devices

Zero Trust Security Model

Security zones may still exist, but they should be as small as possible. Access to any application or security zone should pass through a review process that enforces adaptive access control at each authentication point, be it a network segment or an application.

Access between cloud resources and on-premises resources is also controlled as part of ZTN.  However, the increase in remote access to data centers and cloud resources due to COVID-19 has demonstrated a need to expand ZTN to subjects not located on the same enterprise network as the objects.


Cybersecurity Mesh

Cybersecurity mesh expands ZTN from closing perimeters around data center objects to also creating perimeters around subjects and objects that are not on-premises, especially users accessing objects from anywhere, at any time, with a variety of devices. It also enables organizations to bring cloud services into their ZTN infrastructures. Adaptive access control, with close analysis of both subjects and objects, is a crucial element.

Solutions to implement security meshes are still emerging. This is a new security area that is still without standardization. However, IT and security teams can begin moving to mesh environments or prepare for the move in the following ways:

  • Building mesh capabilities into applications. Zero trust requires an access control interaction between subject and object. Applications must be able to participate in these interactions effectively.
  • Ensuring simple implementation. ZTN can make moving from object to object a complex or time-consuming process. Continuous access control processes should be transparent to users unless a user's network behavior or resource use moves outside of established baselines.
  • Implementing adaptive access controls. Many solutions exist for adaptive access control. It is becoming a mature technology that forms one of the key building blocks of ZTN and the expanded mesh. Organizations should consider implementing it as part of the foundation for moving to collapsed perimeters.
  • Auditing and integrating existing resources. Like all enterprise-level controls, teams must understand what resources are connected, where they reside, how they are used, and how existing controls protect them. Any move to a security mesh requires this information so that everything is included and new solutions work seamlessly with existing safeguards.
  • Adding mesh training to other training activities. Mesh is simply an extension of ZTN. However, all IT and security teams must understand what is needed and management's expectations for system design, implementation, and updates that move to a secure mesh.
  • Vetting potential cloud service providers and other partners. Because the mesh moves far beyond on-premises controls, and because it closely manages subject access regardless of location, organizations must ensure that CSPs and software vendors understand cybersecurity mesh concepts. Further, CSPs and vendors must already support mesh implementation or be moving in that direction. This includes the integration of on-premises and cloud mesh infrastructures.

Cybersecurity mesh is managed via a centralized portal.  From this portal, security teams can manage rules that control access and apply those rules to subjects and objects regardless of location.  This also requires a CSP that understands an organization’s mesh requirements and is willing to work with customer organizations to ensure effective mesh implementation and management.
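To make the adaptive, continuous access control described in the ZTN objectives and in the practical steps above concrete, here is a toy policy decision point that evaluates every request against the subject's identity and MFA state, the device's enrollment and health attestation, the session's deviation from an everyday-use baseline, and the object's sensitivity, regardless of where the subject or object sits. This is an added example written for this article, not code from the author or from any mesh or zero-trust product; the field names, scoring weights, thresholds, and the sample user, device, baseline, and application are all assumptions.

```python
# Added example: a toy zero-trust policy decision point (PDP).
# All names, weights, thresholds and sample data below are assumptions for
# illustration; they are not taken from the article or from any product.
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "step_up_mfa"   # re-verify the subject, then let the session continue
    DENY = "deny"


@dataclass(frozen=True)
class Subject:
    user: str
    roles: frozenset
    mfa_verified: bool


@dataclass(frozen=True)
class Device:
    device_id: str
    managed: bool             # enrolled and authenticated as a device
    attested_healthy: bool    # e.g. disk encrypted, EDR running, patched


@dataclass(frozen=True)
class Baseline:
    """Everyday use for one subject: where, when and how much they normally work."""
    usual_sources: frozenset
    usual_hours: range        # e.g. range(7, 20) for 07:00-19:59
    usual_mb_per_request: float


@dataclass(frozen=True)
class Request:
    source: str               # network the request arrives from: "corp", "home", "unknown", ...
    hour: int                 # local hour, 0-23
    mb_requested: float


@dataclass(frozen=True)
class Resource:
    name: str
    sensitivity: str          # "low" or "high"
    allowed_roles: frozenset


def risk_from_baseline(baseline: Baseline, req: Request) -> float:
    """Score 0.0 (normal) .. 1.0 (far outside the subject's baseline).

    Integer points are used internally so the thresholds compare exactly.
    """
    points = 0
    if req.source not in baseline.usual_sources:
        points += 4
    if req.hour not in baseline.usual_hours:
        points += 3
    if req.mb_requested > 3 * baseline.usual_mb_per_request:
        points += 3
    return min(points, 10) / 10


def decide(subject: Subject, device: Device, risk: float, resource: Resource) -> Decision:
    """One decision per request: nothing is inherited from an earlier allow."""
    if not device.managed:                              # every device must authenticate
        return Decision.DENY
    if not (subject.roles & resource.allowed_roles):    # authenticate to the application
        return Decision.DENY
    if not device.attested_healthy:                     # device health is part of every decision
        return Decision.DENY if resource.sensitivity == "high" else Decision.STEP_UP
    if risk >= 0.8:                                     # far outside baseline: cut the session
        return Decision.DENY
    if resource.sensitivity == "high" and not subject.mfa_verified:
        return Decision.STEP_UP
    if risk >= 0.5:                                     # unusual context: re-verify, then continue
        return Decision.STEP_UP
    return Decision.ALLOW                               # transparent to the user


def evaluate_session(subject, device, baseline, requests, resource):
    """Re-run the policy for every request in a session, as a ZTN enforcement point would."""
    return [decide(subject, device, risk_from_baseline(baseline, r), resource)
            for r in requests]


# Constructed sample data (not real users, devices or applications).
ALICE = Subject("alice", frozenset({"finance"}), mfa_verified=True)
ALICE_BASELINE = Baseline(frozenset({"corp", "home"}), range(7, 20), usual_mb_per_request=5.0)
LAPTOP = Device("lt-0042", managed=True, attested_healthy=True)
BYOD = Device("phone-unknown", managed=False, attested_healthy=False)
PAYROLL = Resource("payroll-api", "high", frozenset({"finance", "hr"}))

# Same subject, same device, same application: only the session context changes.
SESSION = [
    Request("home", 9, 2.0),        # normal                         -> risk 0.0
    Request("home", 9, 40.0),       # 8x usual volume                -> risk 0.3
    Request("unknown", 9, 2.0),     # new network                    -> risk 0.4
    Request("unknown", 23, 2.0),    # new network, odd hour          -> risk 0.7
    Request("unknown", 23, 40.0),   # new network, odd hour, volume  -> risk 1.0
]


def demo():
    return evaluate_session(ALICE, LAPTOP, ALICE_BASELINE, SESSION, PAYROLL)


if __name__ == "__main__":
    for req, d in zip(SESSION, demo()):
        print(f"{req.source:8} {req.hour:02d}:00 {req.mb_requested:5.1f} MB -> {d.value}")
```

The point to notice is that `decide` is called for every request rather than once at login, so a session that starts as ALLOW can drift to STEP_UP and then DENY as the user's behavior moves away from the baseline, and an unmanaged or unhealthy device is refused before any identity or role check matters. A real mesh deployment would feed the same function from a central rule store and call it from enforcement points in front of on-premises and cloud objects alike.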


Final Thoughts

Cybersecurity mesh is an unneeded new term. It is simply an extension of ZTN (a needed extension) that encompasses the complete set of subjects and the objects they access. It extends zero trust to entities regardless of where they are located and which devices they use.

Mesh technology requires organizations that have not already done so to begin their move to zero trust. This requires an inventory of objects, their locations, the entities that access them, and a baseline of everyday use. Also needed is a shift in how IT and security teams see safeguard implementation.

We did not need another term, but we do need what it brings to the table.
