Defense in depth is the coordinated use of multiple security countermeasures to protect information assets in an enterprise and across virtual environments. The strategy is based on the principle that it is more difficult to defeat a defense system made up of deterrent, preventative, detective, and corrective controls than to penetrate a single barrier.
Defense in depth includes front-office techniques (e.g., antivirus software, firewalls, anti-spyware programs), middle-office techniques (e.g., hierarchical passwords, intrusion detection, and biometric verification), and back-office techniques (e.g., data splicing, aliasing, encryption). In addition to electronic countermeasures, physical protection of business sites, along with comprehensive and ongoing personnel training, enhances the security of vital data against compromise, theft, or destruction.
Action Item: Chief information security officers (CISOs) and business owners need to understand the technologies available and organize them into a layered defense. They should assume that the failure of any single layer will be a complete failure and ensure that compensating techniques are effectively deployed. Trust models should be layered as well, with clear accountability and real-time reporting where possible. Trust, but verify.