Defense in depth – what does it mean? NSA.gov, the U.S. National Security Agency, refers to the term as a “practical strategy for achieving Information Assurance in today’s highly networked environments,” citing Information Assurance to include the protection of information system availability, integrity, authentication, confidentiality and non-repudiation. They list people, technology and operations as the layers of defense against attacks.
Microsoft refers to its origins as “a military strategy that aims to delay the advance of the opponent by maintaining multiple, layered lines of defense rather than just one strong defensive line.” They also provide a diagram depicting the different layers of a network that need to be secured within the defense in depth strategy.
SearchSecurity.com defines it as “a coordinated use of multiple security countermeasures to protect the integrity of the information assets in an enterprise.” They list technical components such as antivirus, firewalls, intrusion detection systems and biometrics for identity authorization. But in addition to ensuring technical security measures are in place, the physical security of business facilities and personnel training further strengthen data security against theft or compromise.
The definitions aim to achieve the same end goal – protecting data and thwarting hackers. At Online Tech, we know data security means using a comprehensive defense in depth strategy with different tools that all work to give you insight into what’s going on in your information systems at all times. This includes knowing who is allowed access, what files have been changed, when your servers need to be updated, if you have malware, if you’ve been hit by an SQL injection attack, etc.
This list of technical security services details which solutions offer what kind of defense.
Encryption is one tool: it uses mathematical algorithms to encode data into scrambled text that is unreadable without the assigned cryptographic key. Encryption of data at rest (for example, data stored in the cloud or on electronic devices) protects data even if a hacker accesses the system.
Encryption of data in transit, such as data that crosses wireless networks or travels from tier to tier within an application, ensures that data is protected along its path against hackers who may attempt to intercept it.
What can you use to achieve encryption of data everywhere? Visit our Defense in Depth page to read about the different approaches to data encryption, and view our defense in depth diagram that shows the necessary components, from third-party audit reports to high availability dedicated firewalls, servers, and SANs (storage area networks).
Need a broader view and more detailed description of your different encryption options? Download and read our latest white paper, Encryption of Cloud Data.
Defense in Depth: A Practical Strategy for Achieving Information Assurance in Today’s Highly Networked Environments (PDF)
What is Defense in Depth?
Windows Server 2008 in an Organization’s Defense in Depth Strategy