What is Defense in Depth?
As a strategy, defense in depth derives from a military technique that aims to slow the enemy’s progress. The goal is to mitigate the risk of damage over the entire perimeter that is protected. In other words, each element that makes up the defense in depth aims to prevent the progression of an attack or attempt to compromise the data.
In information security, we often illustrate the concept of defense in depth with the analogy of an onion, with each layer protecting the one inside it.
Here are the various layers of protection that make up a defense in depth based on best practices.
↓ Physical security management
Physical security refers to the measures your company implements to protect its assets by preventing unauthorized access to the facilities and equipment that store and process your data, among other things. This can include:
- Protecting the premises: Fencing, entrance gate, security guard, surveillance cameras, etc.
- Access control: ID cards, access codes, biometrics, etc.
- Equipment management: Physical locks, tagging, additional access restrictions, etc.
- Secure disposal: Document shredding, hard drive shredding, professional disposal services, etc.
In this layer of protection, you’re essentially managing who can access your buildings and ensuring that anything stolen (documents, digital devices) is unusable. However, these measures will do nothing to help you once someone is inside your system.
↓ Identity and access management
Your company data must always remain available yet only be accessible and modifiable by authorized people. Managing identities and access is your best bet thanks to single sign-on, multifactor authentication and conditional access, among other safeguards.
These three components work together so that your users need only log in once with information known to them, such as a combination of their username and password (single sign-on), which they then confirm via a device they own, such as their phone (multifactor authentication). As for conditional access, it analyzes the reason for the access request to confirm if it meets pre-determine criteria.
To learn more about these solutions and their features consult our page on the subject.
↓ Perimeter and network management
This measure refers to your digital perimeter, rather than the physical one. It’s just as important to manage your internal environment as those outside your walls, such as your cloud, for instance. Perimeter security restricts what comes in and out. Like your physical barrier, you control who enters, but not what they can do once inside.
In addition to perimeter security, which only controls digital access, network management monitors and sets parameters for movements within your system. This is where configuring routers, switches and firewalls, implementing intrusion detection systems and network monitoring, and managing vulnerabilities all come into play.
You can maximize the scope of your perimeter and network management by setting up zero trust architecture that continually monitors what your users are doing, ensuring they have the required privileges and that their activities respect the established rules. It’s like having a security guard who tracks, monitors and validates every action.
↓ Application management
Application management focuses on protecting apps from threats and vulnerabilities that could be exploited. It aims to identify, prevent, detect and correct security breaches in apps to guarantee their integrity, confidentiality and availability.
Here are some key aspects of managing and securing apps:
- Identify potential vulnerabilities by carrying out security assessments, intrusion tests and code reviews.
- Implement secure development practices, such as using proven reference framework and libraries.
- Ensure that users and systems only have access to the appropriate resources and functions, by using solid authentication and authorization controls.
- Encrypt sensitive at-rest and in-transit data to prevent information leaks.
- Monitor permanent applications to detect suspicious activities.
- Regularly update the apps with the latest security patches to correct flaws that have been discovered.
By implementing these security practices, from the development phase to ongoing maintenance, managing your apps will bolster the overall security of your systems and minimize the threat of data breaches.
To properly assess your information security posture and defense in depth maturity, we suggest consulting with professionals who will provide a neutral and critical review of your current practices and help you implement the best approach for your company.