What is Layered Security?

Layered security, in an IT context, means protecting digital assets with several layers of security. The concept behind layered security is simple. If a hacker manages to breach one security measure, all sensitive data is still protected by the other layers of security that are in place. This makes it harder for a hacker to perform a successful cyber attack. In this layered approach, the layers of security work together to ensure enhanced protection against threats.

This is somewhat similar to the security approach portrayed in classic "heist movies," where a team of burglars must get past obstacle after obstacle, each one providing its own challenge, before they finally manage to gain access to the valuable jewels and make off with them into the night. The first layer of security might be the locked doors and windows on the building's exterior, while the second layer would be intrusion detection systems, such as the alarms on all of the doors and windows, which detect if someone manages to get in through that first layer. The guards inside the building represent yet another level of security, as do the video cameras monitoring the rooms. In addition, in the movies, there are fancy laser beam detectors surrounding the case where the jewels are kept, and then a final layer to get past - the motion detector that issues an alarm if the jewels are moved from their place. For the burglars to get their prize, it's not enough to defeat one layer - they have to get past all of the many layers of security protecting the jewels.

Layered security is also known as 'defense in depth', a term borrowed from the military tactic with the same name. In a war, an army might choose to concentrate all of its forces along the front, so that it's as well defended as possible. The danger is that if the enemy concentrates its forces and breaks through the front in one spot, there are no further defenses protecting the area behind. With defense in depth, some defensive resources - troops, fortifications, weapons - are further back, so that if the front is breached, there are still troops and materiel available to stop the enemy advance. In the military context, even if less concentration in the first level makes it easier for the enemy to make an initial breach, they can be ultimately stopped more easily because their losses will continue to grow as they continue to try to work their way toward the goal.

Another classic example of defense in depth is the "concentric castle" model. A castle may be protected by an outer wall, then a moat, then a higher and more heavily fortified inner wall.

In the IT environment, layered security provides inherent redundancy. If one layer of security fails, another layer keeps the system and its data secure. To get through to the data, a threat would have to infiltrate every level of security. Layered security involves three main types of security controls.

Layered security controls

To secure your data, you need to protect it in three different realms - through administrative, physical, and technical controls. In each realm, multiple security measures can be deployed to provide a layered defense.

Administrative controls

Administrative controls consist of policies and procedures put in place by an organization to minimize vulnerabilities and to prevent users within the company from accessing information they are not authorized to access. Some layers of administrative controls could include:
  • Making sure that only current employees have user accounts, by putting a procedure in place to close an employee's account on the network in the event that someone leaves the company.
  • Putting detailed policies and procedures in place to ensure that all employees take the mandated steps required to secure corporate data, especially sensitive data.
  • Implementing role-based access control, which enables employees to only access the actual data that they need to do their own jobs. See our article on access control for more information about different access control schemes.
  • Minimizing the use of privileged accounts, such as administrator accounts, and placing additional restrictions on their use.
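
The account-closure, role-based access and privileged-account controls listed above can be checked mechanically against an account directory. The following is an added example, not code from the original article; the employee roster, role names and permission strings are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample data (hypothetical users, roles and permission names).
CURRENT_EMPLOYEES = {"alice": "finance", "bob": "support", "dana": "it-admin"}

# Role-based access control: the permissions each role needs to do its job.
ROLE_PERMISSIONS = {
    "finance": {"ledger:read", "ledger:write"},
    "support": {"tickets:read", "tickets:write"},
    "it-admin": {"accounts:manage", "servers:admin"},
}

# Permissions treated as privileged for this audit (assumption).
PRIVILEGED = {"accounts:manage", "servers:admin"}


@dataclass
class Account:
    username: str
    enabled: bool
    permissions: frozenset


def audit_accounts(accounts):
    """Check enabled accounts against the three administrative controls."""
    report = {"orphaned": [], "excess": {}, "privileged": []}
    for acct in accounts:
        if not acct.enabled:
            continue  # a disabled account can no longer be used to log in
        role = CURRENT_EMPLOYEES.get(acct.username)
        if role is None:
            # Leaver procedure failed: enabled account, no current employee.
            report["orphaned"].append(acct.username)
            continue
        excess = acct.permissions - ROLE_PERMISSIONS[role]
        if excess:
            # The account holds more than its role requires.
            report["excess"][acct.username] = sorted(excess)
        if acct.permissions & PRIVILEGED:
            # Listed for review so privileged access can be kept to a minimum.
            report["privileged"].append(acct.username)
    return report


SAMPLE_ACCOUNTS = [
    Account("alice", True, frozenset({"ledger:read", "ledger:write"})),
    Account("bob", True, frozenset({"tickets:read", "servers:admin"})),
    Account("carol", True, frozenset({"ledger:read"})),    # left the company
    Account("erin", False, frozenset({"servers:admin"})),  # left, already disabled
    Account("dana", True, frozenset({"accounts:manage", "servers:admin"})),
]
```
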

Physical controls

Physical controls are another crucial aspect of the layered approach. These include anything that prevents actual physical access to the IT system. For example:
  • Physical doors with locks in any area with computer equipment.
  • Fingerprint scanners for access to areas with computer equipment, and/or for logging into the system.
  • CCTV footage as a deterrent and to alert security to any possible cyber threats.
  • Security guards to monitor the area.
  • Gates to prevent easy access to the site.
Layers of physical controls could be the types of things described in the heist movie example - the multiple layers of protection that prevent the burglars from gaining access to the jewels.

Technical controls

Typically the most complex of the controls, technical controls for network security are another security approach that is necessary for comprehensive protection. These controls include software and hardware-based information security solutions that prevent unauthorized access to the IT system and the data within it. A combination of different hardware and software solutions provides the best protection from a wide array of cyber threats. With the many cyber threats constantly emerging today, multiple layers of technical controls are a necessity for every business. Layers of technical controls could include the following:
  • Securing authorization
    • Requiring users to use strong passwords that are difficult to guess or crack using password cracking tools.
    • Two-factor or multi-factor authentication (2FA/MFA) to further verify the user's identity by using multiple devices to log in.
    • Biometric authentication to ensure a user's identity through the use of facial recognition or fingerprint scanning, for example.
  • Preventing infections from malware and similar threats
    • The first layer might be from the administrative realm - educating users not to click on suspicious links on the web, or open suspicious files that are sent to them by email.
    • The next layer could be conventional detection-based anti-virus and anti-malware software.
    • An additional layer would be adding Remote Browser Isolation, so that if a user did click through to an infected site, damage would be contained away from the endpoint machine.
  • Data security
    • Securing the network behind a firewall, which can be implemented as either a hardware or software solution, depending on the network infrastructure.
    • Encrypting data servers, to protect data even if a bad actor manages to access the server.
    • Encrypting emails as an additional layer, to prevent information sent via email from being intercepted and compromised by an unknown third party.
    • Following best practices for remote access can be an additional layer of protection that closes a vulnerability often exploited by hackers. For more information, see our article Virtual Computing as a Security Solution.

For maximum protection, multiple solutions should be used for each type of control, providing a layered security solution that is hard to breach. Organizations must ensure that their chosen solutions are compatible, and provide seamless coverage for the entire network. Together, the multiple layers of security should fill in any gaps through which cyber criminals could gain access to the system and the valuable data stored inside it.

To learn how Ericom security solutions can strengthen your layered security strategy, contact us.