A Cybersecurity Mesh Architecture for the Distributed Enterprise

By Jonathan Nguyen-Duy | September 16, 2022

The pace of change in networking, security and computing in the last few years has been nothing short of amazing. Driven by the pandemic, accelerated cloud adoption and the widespread adoption of remote working, it’s becoming clear that the last iterations of networks are no longer able to support the new requirements for better user experiences and business outcomes. This wasn’t a problem back in 2016 because digital transformation was just an emerging trend, and while cloud adoption had been growing, computing was still quite centralized. A majority of the computing was still done within the enterprise perimeter—including the core applications at most organizations. In addition, most of the users were within that perimeter as well.

That began to change very quickly in the mid-2010s, driven by increases in cloud adoption and distributed computing. Enterprises started setting up hybrid environments with services on both private and public clouds—something that would have been unthinkable for many a few years earlier. At the same time, operational technology (OT) systems were becoming more complex—and more connected. Internet-of-Things (IoT) devices proliferated even more quickly than before. These macro trends and the rise of edge computing increasingly eroded the relevance of the traditional enterprise perimeter.

The COVID-19 pandemic further accelerated those already fast-moving trends. A sudden shift to near-universal remote work basically eliminated what was left of the enterprise perimeter. At the same time, customers demanded more remote provision of services, contactless commerce, and other digital services that had been niche before. It sent all of us scrambling to build and protect entirely new networking infrastructure and new applications—from scratch, in many cases. These hasty buildouts further accelerated cloud adoption and all the other trends associated with digital transformation.

Highly Distributed Networks—and Users

As we emerge from the worst part of the pandemic, it is clear that the world of work will never return to the “normal” of 2019. Instead, we’re moving into a “new normal,” with more fully remote workers than before, a large number of hybrid employees, and a relatively small number of entirely on-site associates.

Basically, our workers, our partners, and our customers are more widely distributed than ever before. More and more, users and entities sitting in homes, hotels, and cafes, as well as on autonomous manufacturing floors and all manner of connected platforms, are accessing cloud-based resources directly from a multitude of new network edges. It is an evolution that shifts the focus from being site-centric to being user-centric. It is really about user experiences that lead to better business outcomes.

The Need for a New Approach

The question is this: With the massive changes in the threat landscape, computing, and networking that have occurred over the past six years, can cybersecurity strategy remain the same? The obvious answer to that question is no.

A decade ago, the traditional firewall protected a corporate perimeter that contained most of the business-critical data that needed to be protected. Today, that data sits in public clouds, private clouds, the enterprise edge, and more. At the same time, the threat landscape has become infinitely more advanced, with the ability to launch sophisticated attacks becoming easier every day.

The result? As both threats and networking become more complex, the tools to manage network security have become more unwieldy. Given that, it is scarcely surprising that a critical mass of respondents list “too many emergencies,” security blind spots, and difficulty correlating data between solutions as their biggest challenges.

Cybersecurity Mesh Architecture

These problems are coming to a head at many companies. Gartner has embraced such consolidation in its Top Strategic Technology Trends for 2022 report, recommending something called a cybersecurity mesh architecture (CSMA).

In a nutshell, the idea of CSMA is that organizations should build a security architecture where all tools are integrated under a single ecosystem to deliver centralized visibility, share intelligence, automate threat response, and streamline security management. This “mesh” should extend to all parts of the infrastructure—public and private clouds, edge and IoT resources, OT infrastructure, and on-premises services. It should cover every “edge” in the enterprise—the LAN edge, the WAN edge, the data center edge, and the cloud edge.

The CSMA should integrate all layers of security, from network segmentation to zero-trust access to deception technologies. It should include all aspects of security management, threat detection and response, compliance reporting, and policy management. And it should encompass artificial intelligence (AI)-based detection of zero-day exploits and ongoing scanning for existing malware.

Security-driven Networking

Building a CSMA that is broad, integrated, and automated is critical to protect an enterprise’s assets in today’s world of highly distributed computing. However, I would argue that organizations should go one step further.

Just as the days of the traditional enterprise perimeter are behind us, so is the concept of a dedicated private network running exclusively on MPLS circuits. The move to software-defined networking is as monumental to the history of computing as the move from mainframes connected by local area networks (LANs) to servers connected by wide area networks (WANs).

As software-defined WAN (SD-WAN) is now the standard for virtually all enterprises, networking issues and security issues are increasingly intertwined. Doing root-cause analysis and mitigation at speed and scale means that organizations can no longer have siloed network operations and security operations centers (NOCs and SOCs) that use different, disconnected toolsets.

It really makes no sense for an organization to have an SD-WAN solution that is not integrated with the CSMA. Doing so keeps networking and security in separate silos, reducing operational efficiency while worsening the security posture. Security-driven networking, on the other hand, can enable the best network performance—for internal users, partners, and customers—while improving security. This yields the consistent performance needed for enhanced experiences and better business outcomes.

Delivering Robust Digital Services

Computing at large enterprises is getting more distributed every day, expanding the attack surface and exposing corporate assets to an increasingly advanced threat landscape. At the same time, customers are demanding more robust digital services, putting pressure on application developers, network leaders, and cybersecurity professionals alike. Everything is accelerating, and enterprises must build a responsive computing environment that provides for richer customer experiences—and better business outcomes.

It is time to take a strategic, converged approach to security and networking. Successful CISOs will understand that when done strategically, security can create new opportunities to improve productivity, accelerate time to market, promote innovation and agility, and deliver on all the promises of digital transformation. When security and networking are put together, these benefits can only multiply.