The defense-in-depth (DiD) model is a strategy that uses multiple, independent layers of security to protect information. It is sometimes called the “castle approach” [1] because it resembles how a castle is protected by several deterrents (moats, archers and gates). The primary goal of DiD is to stop attacks outright; its secondary function is to prevent attackers who have gotten through one layer of the company’s network from getting any further in.
How the Defense-in-Depth Model Works
To create a DiD strategy, organizations use different frameworks – some enumerate 5-10 areas a bad actor could attack, while others divide security into a few broader categories.
CompTIA (The Computing Technology Industry Association), which administers security certifications to IT professionals, divides security into three areas: [2]
- Physical – How anything that can be seen, touched or stolen is protected. When discussing physical security, cybersecurity experts focus on office access, server room access and document protection.
- Operational – How systems in the company are set up, or the daily operations of the network. Operational security concerns include password security, how employees connect to the Internet, what software employees can download on their laptops, etc.
- Management – How security policies are made and implemented by management. These policies include administrative policies, software design requirements, disaster recovery plans and more.
Here is how the DiD model could protect against a man-in-the-middle attack, in which a hacker intercepts a file transfer: [3]
- Operational – Require IP address whitelisting to transfer files.
- Operational – Require PGP encryption and use of encrypted protocols (SFTP, FTPS and HTTPS) for all file transfers. Prohibit connections to FTP servers within the corporate network.
- Management – Train employees about proper file transfer procedures.
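The three controls above are independent layers: an attacker who defeats one still has to defeat the next. The following Python policy evaluator is an added example, not Thru's code or any part of its product; the network ranges, allowlisted hosts and request fields are constructed assumptions. It checks a transfer request against each layer separately and reports every layer that would reject it, so you can see how much depth remains when one control (for example the IP allowlist, via a compromised allowlisted host) has already been bypassed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed policy values (assumptions for this example, not a real deployment):
# the corporate address range and the only hosts allowed to initiate transfers.
CORPORATE_NETWORK = ipaddress.ip_network("10.0.0.0/8")
ALLOWED_SOURCES = {
    ipaddress.ip_address("10.1.2.3"),       # internal transfer server
    ipaddress.ip_address("203.0.113.10"),   # trusted partner gateway
}
# Encrypted transport protocols the page permits for file transfers.
ENCRYPTED_PROTOCOLS = {"sftp", "ftps", "https"}


@dataclass
class TransferRequest:
    """One file-transfer attempt as seen by the policy enforcement point."""
    source_ip: str
    protocol: str          # e.g. "sftp", "ftps", "https", "ftp"
    destination_ip: str
    pgp_encrypted: bool    # payload was PGP-encrypted before transfer


def layer_allowlist(req: TransferRequest) -> Optional[str]:
    """Operational layer 1: only allowlisted source hosts may transfer files.
    Returns None when the layer passes, otherwise the reason it rejects."""
    try:
        src = ipaddress.ip_address(req.source_ip)
    except ValueError:
        return f"unparseable source address {req.source_ip!r}"
    if src not in ALLOWED_SOURCES:
        return f"source {src} is not on the IP allowlist"
    return None


def layer_transport(req: TransferRequest) -> Optional[str]:
    """Operational layer 2: transfers must use an encrypted protocol, and plain
    FTP is explicitly prohibited to any server inside the corporate network."""
    proto = req.protocol.lower()
    dest = ipaddress.ip_address(req.destination_ip)
    if proto == "ftp" and dest in CORPORATE_NETWORK:
        return f"plaintext FTP to corporate host {dest} is prohibited"
    if proto not in ENCRYPTED_PROTOCOLS:
        return f"protocol {proto!r} is not an encrypted transfer protocol"
    return None


def layer_payload(req: TransferRequest) -> Optional[str]:
    """Operational layer 3: file contents must be PGP-encrypted, so that a
    transfer intercepted in transit still yields nothing readable."""
    if not req.pgp_encrypted:
        return "payload is not PGP-encrypted"
    return None


LAYERS = [
    ("ip_allowlist", layer_allowlist),
    ("encrypted_transport", layer_transport),
    ("pgp_payload", layer_payload),
]


def evaluate(req: TransferRequest) -> Dict[str, str]:
    """Evaluate every layer independently and return {layer: reason} for each
    layer that rejects the request. An empty dict means the transfer is allowed;
    the number of entries is how many layers the attempt would have to defeat."""
    return {name: reason for name, check in LAYERS if (reason := check(req))}


if __name__ == "__main__":
    # Constructed sample requests: a legitimate transfer, an outside attacker,
    # and a compromised allowlisted host that tries to fall back to plain FTP.
    samples = [
        TransferRequest("10.1.2.3", "sftp", "10.5.5.5", True),
        TransferRequest("198.51.100.7", "ftp", "10.5.5.5", False),
        TransferRequest("10.1.2.3", "ftp", "10.5.5.5", True),
    ]
    for req in samples:
        verdict = evaluate(req)
        print(f"{req.source_ip} {req.protocol}->{req.destination_ip}: "
              f"{'ALLOW' if not verdict else 'DENY by ' + ', '.join(verdict)}")
```

The third sample is the instructive one: the allowlist layer passes because the source host is trusted, yet the transport layer still denies the transfer, which is exactly the point of layering the controls rather than relying on the allowlist alone.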
What Are the Benefits of a Defense-in-Depth Approach?
The DiD approach benefits the organization, its stakeholders and the public by keeping confidential information safe.
Preventing Business Losses
By preventing data breaches, which on average cost $3.86 million [4], the DiD approach protects businesses against unpredictable financial loss. It can also prevent more intangible losses, including loss of business, loss of customer trust and loss of goodwill.
Protecting Customer and Employee Data
Networks always contain confidential employee information, even if they do not have customer information. By keeping confidential identity and financial information safe, organizations save stakeholders from identity theft, fraud and other problems.
Increasing Public Trust
With each organization that adopts stronger cybersecurity measures, the public can more easily trust that their data is secure and learn best practices to protect their information.
Thru’s Defense-in-Depth Model
Because of increasing concerns and conversation about data privacy, the DiD model is becoming more relevant than ever. If companies do not protect confidential information, they risk losing business, customer loyalty and employee trust.
Since we handle enterprise-level managed file transfers, end-to-end file security and business continuity are the highest priorities. Our security measures protect our cloud, our application and our customers’ data.
Learn more about our secure file transfer and compliance.