By: Alicia Hernandez, Think Technical Writer
So there’s this simile… Stop me if you’ve heard this one… That says you should layer your security like a seven-layer burrito. Sounds like a logical thought to me! If you prefer burritos over bean dip, you are welcome to sign up for The Seven Layer Security Burrito: How it All Stacks Up, a live webcast with Channel Expert Hour and Open DNS on September 15, 2015. Otherwise, let’s talk about my favorite: bean dip!
No matter the simile that you prefer to use, the layered security approach is a simple concept to grasp. The more hoops a hacker has to jump through, the less likely they are to be successful. Of course, the tricky part here is not creating a bean dip so thick that your chips keep breaking off in it. In other words, while you want your hackers to have a hard time breaking into your systems, you still want to keep it simple and [nearly] seamless for your users to access the information they need.
Layer #1: Response Plan
So let’s look at this layered approach as if we were making a bean dip. The first layer along the bottom (the furthest inside your business) is your RESPONSE plan. In the event you have a breach, having a response plan laid out ahead of time will help you ensure that you address all of the necessary pieces of remediation. Without a plan, you are more likely to miss something as you hastily try and patch your holes, leaving your company still vulnerable.
Layer #2: Monitoring and Alerting
The second layer includes MONITORING and ALERTING. Without a solid monitoring and alerting system in place, you may never know that a hacker has infiltrated your systems, much less be in a position to take immediate action and reduce the damage to be done.
Layers #3 and #4: Data Encryption and User Permissions
The next two layers are kind-of like your lettuce and tomato – they just go together as one layer. Probably the most important piece of your business is your data – whether it is PII customer data, secret family recipes, or engineering blueprints – so we need to do what we can to protect the data. On the other side, hackers are out to get the data, so DATA ENCRYPTION in conjunction with user PERMISSIONS are very important layers!
Layer #5: Applications
Logically… See I told you this was a simple-to-understand approach… the data lies within APPLICATIONS, so this is where our next layer of security falls. Again, ensuring access to the applications is accurate and limited, and practicing secure coding methods will help protect your application layer.
Layer #6: Operating System
The applications are usually accessed from a user’s desktop PC and/or laptop, so we want to ensure this is secure as well. Antivirus software, security policies, and patching are all methods to secure the OPERATING SYSTEM.
Layer #7: Network Security
And, finally, everyone’s favorite part of the bean dip, the cheese…or from a layered security perspective, the NETWORK! Setting up firewalls, intrusion detection systems, intrusion prevention systems, and user authentication technologies are just a few of the ways to protect your business from the bad guys.
While the following papers aided in the writing of this article, I recommend reaching out to Think Network Technologies for a layered security bean dip specific to your business!
Peters, C. Layered Protection for a Mobile Business
SANS Institute: Layered Security: Why It Works
TechRepublic: Understanding layered security and defense in depth