History validates the Defense in Depth strategy for Enterprise Security

It was with great interest that I read a post by fellow IT Peer Network blogger Chris Peters, discussing a layered approach to protection while finding that balance between security and the flow of information. As a matter of fact, the defense-in-depth strategy that the post highlights for a mobile business can be extended to other domains as well – national security for example. “The best approach is defense in depth,” says Steve Lazerowich, a security solution leader within the U.S. Public Sector practice for HP Enterprise Services.


There’s a lot that Enterprise IT can learn from history. The Greek philosopher Eratosthenes, for example, made Big Data matter 2300 years ago. The term Business Intelligence was used as far back as 1865 by Sir Henry Furnese. Similarly, securing the perimeters of your enterprise is not a new concept either. Monarchs of the past would have outposts with guards on the lookout for adversaries on the prowl, a body of water (usually a moat) delineating their home base and serving as another deterrent, and multiple layers of armed warriors guarding the innermost residence of the reigning monarch and family. In concept, layered protection has been around for centuries, and it is proving itself to be an effective strategy even today for securing Enterprise IT. Let’s see how.

  1. Boundary: This is the outer periphery of the enterprise that represents the nation with firewalls and network intrusion prevention systems.
  2. Network: Intrusion detection systems monitor for unauthorized network traffic, raising the right security alerts.
  3. Platform: Platforms need their own end-point protection, including malware protection, data encryption, and white-listing technology. Patterns of incidents at a platform level can be used to identify unwarranted attempts at security violations.
  4. Applications: Applications, as the weakest link, provide the greatest opportunities to enforce security. Getting back to basics across the Software Development Lifecycle is vital. Are your applications holding the fort in your enterprise?
  5. Data: This is the pot of gold at the end of the rainbow for adversaries. Data Leak Protection is designed to further protect data by ensuring users can only access and use information needed to perform their specific roles. Data encryption is another layer of defense to prevent misuse, should it fall into wrong hands.

“Today, there is simply no way to provide 100 percent protection,” says Lazerowich. But that is no excuse to not take proactive measures across all layers of defense.

Even from a network security perspective, it is no wonder that Jennifer Ellard, Director Product Marketing, HP, suggests “a layered approach” to stay ahead of today’s evolving threat landscape in the DT2153 session at HP Discover in Barcelona. I am sure Peters and Lazerowich would agree with Ellard’s assertion.

So would I.

How about you? Please let me know your thoughts.

Team up with HP Technology Expert, E.G.Nadhan


About E.G. Nadhan

With over 25 years of experience in the IT industry selling, delivering and managing enterprise solutions for global enterprises, E.G.Nadhan is the Chief Technology Strategist at Red Hat (Central Region) working with the executive leadership of enterprises to innovatively drive Cloud Transformation with Open Source technologies and DevOps. Nadhan also provides thought leadership on various concepts including Big Data, Analytics and the Internet of Things (IoT). Nadhan has published 500+ blog posts over four years in multiple Blogs including HP, The Open Group, Enterprise CIO Forum, 1CloudRoad and Intel ITCenter while interacting with analysts from Forbes, Gartner and IDC. Prior to joining Red Hat, Nadhan was an HP Thought Leader and the Global Leader for the Culture of Innovation where he worked with the executive leadership of strategic accounts to realize innovative ideas that address key business challenges for customers. As the Co-Chair for multiple projects within the Cloud Work Group, Nadhan led the publication of the first Cloud Computing Technical Standard and leads the Cloud Governance project within The Open Group. He is a recognized author/speaker at industry conferences and has co-authored multiple books. Follow him on Twitter @NadhanEG. Connect with him on LinkedIn.