Security is paramount and non-negotiable. It has no borders, which means attackers can carry out their malicious intent from the confines of their homes. Security is one of the most important aspects of any architecture. Ensuring that your business data and customer data are secure is critical. A public data breach can ruin a company’s reputation as well as cause significant personal and financial harm.
Nowadays, security professionals take a zero trust approach, which means you should never assume trust but instead continually validate it. In the past, the focus was always on the perimeter: anything outside the organization was treated with hostility and not trusted, while anything inside the organization’s firewall was assumed to be trusted. This model has forced security researchers, engineers, and architects to rethink how security is applied, leading to a layered strategy for protecting resources called defense in depth.
Defense in depth is a security approach in which a series of defensive mechanisms are layered to protect valuable data and information. If one mechanism fails, another steps up immediately to thwart an attack. The multiple layers increase the overall security score of the environment and reduce the probability of a security breach by a huge margin.
Layered security is effective for both physical and logical security, as it provides strength and depth to reduce the effects of a threat. Your goal is to create redundancies (backups) in case security measures fail or are bypassed or defeated. Below is a snapshot of the security layers that need to be protected.
Who is Responsible for your Security?
People always assume their application or data is secure because it is hosted in the cloud. According to a recent McAfee report, 69% of security professionals trust their cloud providers to keep their data secure, and 12% believe cloud service providers are solely responsible for securing their data. The truth of the matter is that cloud security is a shared responsibility: it is a concern shared by both the cloud provider and the customer. Your level of responsibility depends on the cloud model (IaaS, PaaS, or SaaS) you adopt.
To educate cloud customers on what’s required of them, cloud providers like Microsoft Azure have created the cloud shared responsibility model (SRM), as you can see below.
Source – Microsoft
The threat landscape is huge and keeps evolving at a massive scale as attackers get smarter and continuously devise new ways to compromise the organization’s data. It is our responsibility as security professionals to ensure we are a step ahead of these security threats by putting in place all necessary controls to protect each layer. Check back for the next article of this series, where I will be talking about the approach that can be used to protect each layer.
Written by: Hakeem Abdulsalam