Cyber Security Mesh Architecture: The Emperor's New Clothes


  • Mariam Triki
  • Published: 08 February 2023


When it comes to implementing and selecting security tools and strategies, Cyber Security Mesh Architecture (CSMA) offers an integrated, centralized approach for building a security layer that offers a consistent security posture across platforms, allowing for surveillance of an environment as a whole rather than monitoring each component separately. Adopting CSMA is the cybersecurity equivalent of building both a security control room that provides a view of every attack angle and an operations centre for all security procedures.

Recent claims that CSMA can reduce your risk by 90% are certainly exciting – but in reality may be wildly overstated, while the complexity of its delivery is likewise underestimated1. Certainly, building an all-encompassing and coherent cybersecurity mesh would reduce the impact of cybersecurity attacks (and in certain cases stop them all together) – but establishing such a coherent and well-integrated CSMA is likely beyond most organisations. 

Exploring current challenges

Modern applications are conceptualised using a decentralised architectural approach: breaking them into smaller, more manageable components that are deployed using a hybrid or multi-cloud strategy and made available to users from a wide range of devices. This fragmentation presents new challenges for security teams through the creation of blind spots at the edged of these co-existing technologies and increasing the surface of attack, especially at the networking level connecting all components of an application. 

Often security tools and teams are focused on monitoring and maintaining each platform separately, and accordingly are not seeing the full picture. As a remedy, organisations opt for a multi-vendor and multi-tooled approach. However, the incompatibility of solutions offered by different vendors again creates boundaries, with each solution admin walled in and losing the desired bird’s-eye view. Some trivial warning within the application logs might not be enough to trigger the alarm klaxon, but when combined with warnings from other platforms can indicate serious or nefarious activities. An omniscient CSMA is therefore an attractive proposition.

CSMA benefits

CSMA seeks to shift focus, resources, and investments to a cloud-delivered, location-independent cybersecurity layer. Extensible intelligence technology and security analytics are selected so that internal structure and data flow are unaffected, or only minimally affected, by new or modified functionality. Interoperability through the connection and integration of disparate tools within the ecosystem eliminates silos and blind spots.

Following CSMA guidelines will create an architecture that incorporates: 
• An identity fabric following zero-trust rules and principles   
• A consolidated control panel (via a uniform set of dashboards) offering a comprehensive view of security ecosystem
• Provider-agnostic, consolidated policy management platform and tools
• Automated analytics and intelligence detection and response, drawing from several data sources and findings from a collection of security tool 

So about this 90% reduction in risk…

The mooted 90% risk reduction is based on the enhanced visibility CSMA supports – better visibility allowing for earlier detection and the swifter prevention of attacks. 

An organisation-wide security layer will eliminate unnecessary repetition and provide for centralised policy and posture management, making it simpler to enforce a coherent security standard regardless of the underlaying technology. This is easier to maintain and update regarding emerging threats, and guarantees a secure environment for less mature products out of the box.

CSMA makes it more difficult for hackers to perform a lateral incursion that uses a weakness in one area to exploit an adjacent area. It also aids in preventing hackers from attacking different areas of an applications by integrating several security protections, tools, and strategies.

CSMA shortcomings

However, CSMA does not take into account the complexity of the today’s systems infrastructures. In particular, tools are often not interoperable and so require costly customisations. Furthermore, companies are often locked into pre-existing engagements with vendors, making migrations to new compatible or extensible security products a risky strategy.    

Implementing CSMA requires an organisation-wide restructure of a firm’s security approach – and change is often resisted, especially when it come to a large-scale change to security operations.


In essence CSMA is an aggregation of existing approaches such as zero trust and platform agnostic CSPMs (cloud security posture management). Combining the benefits of these approaches within a CSMA allows threats to be headed off earlier and cybersecurity attacks’ impact radius limited. However, CSMA is a rather utopian approach to security. Given applications and subsequently the infrastructure underpinning them have evolved into a complex environment, it is much more complicated to implement a full cover security mesh in real life – a perfect end state to target perhaps, not a realistic goal to attain.

We hope that you have enjoyed reading this installment of Capco’s 2023 Tech Trends series. Written by our in-house practitioners, the series covers composable applications, cybersecurity mesh, data fabrics and autonomic systems – topics that are both relevant and additive when addressing a number of the key business and technology challenges that the financial services industry is now facing.