Defense-in-Depth vs. Zero Trust: On-Premises vs. the Cloud

On the technical side, these response plans usually take on an expanded dimension, given that many companies are using both cloud services and customer premises equipment. Both of these environments share certain risks, as well as pose independent risks of their own. Focusing on either one at the expense of the other is almost guaranteed to make your company less secure.

In pure-play terms, the customer premises side is largely about securing a perimeter. You know the types of hardware being used and you know where those devices live. Your company is the sole arbiter of whether that infrastructure is properly secured, and if it’s not, it’s usually not hard to identify the key suspects responsible for the oversight.

For a long time, the mantra for securing the perimeter has been a concept called “defense-in-depth.” Defense in depth (also known as the Castle Approach) is an information assurance (IA) concept in which multiple layers of security controls are placed throughout an IT system. By bringing together a variety of security controls layered on top of one another in a collaborative rather than competitive way, enterprise companies can more easily detect and respond to threats by having more options for their detection and mitigation. Each one can address a different portion of the overall risk by improving database security, network access control, content management, perimeter management, compliance, endpoint and mobile security, intrusion detection and prevention, access management, and more. All of these can be applied across different layers of your infrastructure based on need and practicality, as shown below.

Don’t forget that mobile devices, some of which may be owned and controlled by your employees and partners, can also cause significant risk. For those devices that do belong to your company, a comprehensive mobile device management (MDM) platform is likely in order. These systems can mitigate risk by properly accounting for inventory, scanning for viruses, malware, and other issues, encrypting on-board data, providing general monitoring of the device, and even conducting a remote wipe if the device is lost or stolen.

Copyright © 2020 AVANT Communications, Inc.
Managed Security Trends and Insights