For our first formal blog post, we want to start off with the concept of “defense in depth”.
Defense in depth is an Information Assurance principle where multiple defenses, placed in a coherent sequence, are believed to provide a reasonable level of cybersecurity in comparison to an incoherent ad-hoc system. A good metaphor to illustrate defense in depth is a castle and its defenses.
While growing up in Germany, I saw my fair share of castles. One thing that always stood out to me was the layered defenses they employed. In all the castles that I visited, I never saw one that solely relied on specific defense. To this point, almost every one of them was built on high terrain such as on the side of a mountain. They had high and thick walls with reinforced gates. Even the walkways within the main structures were designed to defend against invaders by slowing their movement or not allowing them to move in large numbers.
Within the context of cybersecurity, defense in depth combines several technical tools and nontechnical best practices in order to reduce an organization’s risk. Businesses usually think only to ensure they have locks on doors and good antivirus on their computers. As illustrated with the previous metaphor, cybersecurity requires several defensive measures to ensure that if one fails, there are others that can contribute to overall defenses.
Achieving a confident level of cyber resiliency can seem like a complex endeavor. The truth is, it is. However, there are key systems that your organization can put in place that can significantly enhance your cybersecurity risk posture.
Please join us for our next post, when we’ll deep dive into other cybersecurity and cyber resilience topics that may affect your business.