What Security and IAM Managers Need to Know About Cybersecurity Mesh

Oren Harel
February 15, 2021

In their analysis of the coming year’s top strategic technology trends, Gartner identified Cybersecurity Mesh as a trending technology for 2021. According to Gartner, Identity Authorization Management is moving away from the all-encompassing security boundary and they estimate that by 2025, “the cybersecurity mesh will support over half of digital access control requests.” The move toward this new paradigm in IAM is being accelerated by the growth in flexible working environments that resulted from the global COVID-19 pandemic.

“As anywhere operations continue to evolve, the Cybersecurity Mesh will become the most practical approach to ensure secure access to, and use of, cloud-located applications and distributed data from uncontrolled devices.” Gartner, Top Strategic Technology Trends for 2021, Heiser, Jay, October, 2020

The Cybersecurity Mesh can be defined as a method of establishing a secure boundary around each individual access point and providing secure access regardless of location. Among the many advantages of this approach is that centralized Identity Authorization Management of each access point opens the possibility of security as a service (SaaS) and authorization as a service (AzaaS).

Beyond the Walled City

The old method of authorization, which provided a single point of authorization, no longer works. This method of ‘identify yourself once and you’re in’ access rules was designed for use within the organization, from connected devices to a local server. The migration to out-of-office working, with corporate assets stored in the cloud, created a growing number of exposed outside access points. Instead of providing a single point of authorization, the new model is continual authorization: Zero Trust Network Access (ZTNA). Cloud delivered and user focused, ZTNA minimizes risk exposure by granting access only as needed, through fine-grained adaptive policies. With flexible anywhere operations, digital services are offered anywhere to customers and employees. Effective user identification provides the perimeter for secure remote access in an open digital workplace.

“Passwordless and multifactor authentication, zero trust network access (ZTNA), secure access service edge (SASE) and identity as the new security perimeter” Gartner, Top Strategic Technology Trends for 2021, Heiser, Jay, October, 2020

How the Cybersecurity Mesh Works

The Cybersecurity Mesh protects both the organization's network and out-of-network assets by providing secure access to data from any access point. A decisive and reliable identity verification process, alongside stringent policies, is provided through a zero-trust, cloud-delivered service. Decisions are then enforced through a public cloud, or as a protection layer in front of the IT assets, and applied to those assets.

By establishing a digital first and location independent strategy, services are easily accessed through the distributed cloud. The Cybersecurity Mesh embraces the requirements of remote working by providing secure access to IT assets as needed, at any time, and from anywhere. It works by applying an individual security perimeter to each user or thing. 

How PlainID Fits into The New Way of Thinking

PlainID’s Policy Manager uses Policy Based Access Control (PBAC) to centrally manage access decisions. It focuses on the connectivity between each identity and the services, data and functions they access, and allows fine-grained management of that access.

One example of this is in the area of microservices. Authorizations are enforced within a service mesh (not to be confused with the cybersecurity mesh), which runs in parallel to the microservices, by an injected PlainID sidecar. The PlainID Policy Decision Point (PDP) enriches identity and asset data as needed, while the policy cache and Policy Administration Point (PAP) manage the policies.

Multi-factor authentication levels are delivered in the request header evaluated by the policy. Any part of the request (header, payload and URL) can be used to enforce the relevant access. External attributes, such as days, can be added to entitle advanced actions. For example, in a marketplace portal for banking, user 1, once identified, can only access their own bank details. The solution is deployed into the service mesh as a microservice, so if user 1 tries to access data authorized only for user 2, access is denied. Policies are easily and efficiently managed in the user interface, changed and deployed immediately through the sidecar, and enforced.

PlainID’s identity authorization management solution is resilient, scalable and secure, ensuring real time automated access control decisions and enforcement. With capabilities to enrich decision making, management and distribution, PlainID provides a full stack authorization as a service solution, supporting cloud services. Dynamic fine-grained policies define who has access to what assets and when.

The service mesh is secured through distributed enforcement and centralized management of policies. Attributes are used as the foundation of the identity. Policies are then formed, from the attributes, to create security perimeters individually around each identity establishing the Cybersecurity Mesh.
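The following is an added illustration of the pattern described above: a sidecar in front of a microservice asks a Policy Decision Point (PDP) for a decision, the PDP enriches the request with identity and asset attributes, evaluates attribute-based policies (using the MFA level from the request header, the URL, and an external "day" attribute), and denies by default. It is example code written for this article, not PlainID's product code or API; the identity store, account store, policy format and helper names are all assumptions made for the example.

```python
"""Added example: a deny-by-default PBAC decision point with deny-overrides
combining, fronted by a sidecar-style enforcement function.

Not PlainID's code; identities, accounts, policy format and names are
constructed for the illustration."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# Constructed identity store (subject attributes) and asset store (resource
# attributes). A real PDP would enrich the request from directories/APIs.
IDENTITIES: Dict[str, dict] = {
    "user1": {"id": "user1", "role": "customer", "region": "EU"},
    "user2": {"id": "user2", "role": "customer", "region": "EU"},
    "ops7":  {"id": "ops7",  "role": "support",  "region": "EU"},
}
ACCOUNTS: Dict[str, dict] = {
    "acc-100": {"owner": "user1", "region": "EU", "frozen": False},
    "acc-200": {"owner": "user2", "region": "EU", "frozen": False},
    "acc-300": {"owner": "user2", "region": "EU", "frozen": True},
}


@dataclass
class Request:
    subject: str                 # authenticated identity, taken from the header
    mfa_level: int               # MFA level delivered in the request header
    method: str                  # HTTP method
    path: str                    # URL path, e.g. /accounts/acc-100/transfer
    payload: dict = field(default_factory=dict)
    day: str = "Mon"             # external attribute supplied by the environment


@dataclass
class Policy:
    name: str
    # condition(subject_attrs, resource_attrs, request) -> bool
    condition: Callable[[dict, dict, Request], bool]
    effect: str = "permit"       # "permit" or "deny"


# Constructed policy set. Policies are data, so they can be changed centrally
# and pushed to every enforcement point without touching service code.
POLICIES: List[Policy] = [
    Policy("owner-reads-own-account",
           lambda s, r, q: q.method == "GET" and r["owner"] == s["id"]),
    Policy("support-reads-same-region",
           lambda s, r, q: q.method == "GET" and s["role"] == "support"
           and s["region"] == r["region"]),
    Policy("owner-transfers-with-mfa-on-weekdays",
           lambda s, r, q: q.method == "POST" and q.path.endswith("/transfer")
           and r["owner"] == s["id"] and q.mfa_level >= 2
           and q.day not in ("Sat", "Sun")),
    Policy("deny-frozen-account",
           lambda s, r, q: r.get("frozen", False), effect="deny"),
]


def resolve_account(path: str) -> Optional[str]:
    """Map a URL path like /accounts/<id>[/action] to the asset id."""
    parts = path.strip("/").split("/")
    if len(parts) >= 2 and parts[0] == "accounts":
        return parts[1]
    return None


def decide(req: Request) -> Tuple[str, List[str]]:
    """Policy Decision Point: enrich, evaluate, combine (deny overrides)."""
    subject = IDENTITIES.get(req.subject)
    account_id = resolve_account(req.path)
    resource = ACCOUNTS.get(account_id) if account_id else None
    if subject is None or resource is None:
        return "deny", ["unknown-subject-or-resource"]
    matched = [p for p in POLICIES if p.condition(subject, resource, req)]
    denies = [p.name for p in matched if p.effect == "deny"]
    if denies:
        return "deny", denies
    if matched:
        return "permit", [p.name for p in matched]
    return "deny", ["no-matching-policy"]


def sidecar_handle(req: Request) -> int:
    """Policy Enforcement Point: the sidecar turns the decision into an HTTP
    status before the request ever reaches the microservice."""
    decision, _ = decide(req)
    return 200 if decision == "permit" else 403


if __name__ == "__main__":
    for r in (Request("user1", 1, "GET", "/accounts/acc-100"),
              Request("user1", 1, "GET", "/accounts/acc-200"),
              Request("user1", 2, "POST", "/accounts/acc-100/transfer",
                      {"amount": 50}, day="Tue")):
        print(r.subject, r.method, r.path, "->", sidecar_handle(r), decide(r)[1])
```

Deny-overrides combining is the conservative choice: a single matching deny policy (here, the frozen-account rule) wins even when a permit policy also matches, and a request that matches nothing is denied rather than silently allowed.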

To see PlainID's PBAC solution in action, click here to schedule a demo with a member of the PlainID team.

Here are our best practices for implementing authorization policy in a Service Mesh.

All statements in this report attributable to Gartner represent PlainID’s interpretation of data, research opinion or viewpoints published as part of a syndicated subscription service by Gartner, Inc., and have not been reviewed by Gartner. Each Gartner publication speaks as of its original publication date (and not as of the date of this article.) The opinions expressed in Gartner publications are not representations of fact and are subject to change without notice.
