What is a Security Data Mesh?

What is a data mesh? 

A data mesh is a decentralized, access-driven data architecture focusing on business domains owning and operating their data. Gartner defines a data mesh as a cultural and organizational shift intended to give the business access to data by having subject matter experts analyze usage patterns to determine affinity and organize data domains contextualized with descriptors.  

What is a security data mesh? 

A security data mesh, also called a cybersecurity data mesh, is a decentralized data architecture for security data drawn from many sources, in which the business domains that produce the data own and operate it.

This data management design enables organizations to: 

  • Decentralize data ownership and architecture, assigning responsibility for the creation, transformation, maintenance, and distribution of each domain's data 
  • Turn data into a product so it is findable, accessible, interoperable, and reusable by people and machines 
  • Federate data governance, with subject matter experts acting as data owners who define the access rules 
  • Provide a self-service data infrastructure so data users no longer wait on data owners to approve access requests

A data mesh consists of three technology planes: 

  • Data infrastructure: networking, storage, and access control 
  • Data control: a combination of data engineering, data intelligence, policy management, and continuous data observability 
  • Mesh supervision: data marketplace to curate data, manage security policies, and interact with data products 

A security data mesh architecture focuses primarily on the people who use the security data. It takes a people-centric approach, arranging data by business domain and organizing it around the users' expertise. The architecture is organized around the following roles: 

  • Domain experts: understand the data and how others within the organization can use it 
  • Data owners: serve data to other users, manage data quality, and facilitate delivery that enables others to achieve  
  • Domain platform team: develop and operate the data infrastructure, working with data pipelines, sources, warehouses, and security 
  • Enabling team: guide analytical data modeling, data platform use, and the building and maintenance of data products 

As an architecture intended to delegate responsibility to domain experts, a data mesh decentralizes data management activities and gives domain experts more control over data. Data fabrics and data meshes are not mutually exclusive approaches. Security data fabrics, for example, can enable security and GRC teams to more effectively establish a security data mesh where practitioners and subject matter experts are the data owners and can design self-service infrastructure for security use cases.