Defense in Depth Approach
The security mechanisms that a security engineer applies depend on the threats, the criticality of the data, and the associated risks. If your financial transaction data is kept in paper files, then the focus should be more on the physical security of the room where those files are stored.
We have to understand where exactly the data lies, the criticality of this data, and the associated risks. This is one of the reasons why security tools and strategies differ across organizations.
Some organizations that deal with or store sensitive data, such as credit/debit card data, need to follow very stringent security standards, which are then evaluated as part of a compliance audit by an external auditor.
In this book, we assume that your environment is in the cloud and that the data or process it holds is important for the business of the organization.
Thus, our focus will primarily be on the Defense in Depth architecture. We will look into each of its layers, the best tools available for each, and the best practices to follow, giving you direction for the design and implementation of a Defense in Depth based architecture in your organization.
Before we go ahead and examine the Defense in Depth approach, we will revisit one of the most well-known diagrams in information security, the CIA triad.