Connect with Joseph Steinberg


Why Defense In Depth Is Not Good Enough

For many years, information security professionals have discussed and promoted a strategy known as “Defense In Depth,” in which an organization uses multiple layers of security controls rather than just one, in the hope that if some vulnerability exists in one of the layers, the countermeasures in one or more of the other layers will compensate for the deficiencies and deliver the necessary security. Furthermore, a proper implementation of Defense In Depth can increase the time that it takes a hacker to penetrate an organization, which also increases the chances of stopping him or her before he or she is able to steal data or commit other harmful acts. Defense In Depth is sometimes known as layering, or as the “Castle Approach,” named for the physical security strategy employed by the builders of many of the castles of yesteryear, in which multiple layered physical defenses were used to prevent invaders from breaching the structures.
There is, however, a fundamental flaw in many Defense In Depth implementations… 
To read on, please see my article, Why Defense In Depth Is Not Good Enough.


