What is defence in depth?

In a world where cyber threats are ever-evolving, a singular approach to cyber security is a risky strategy. Attackers can exploit weaknesses at different levels of an organisation’s infrastructure, so no single security measure is foolproof. “Defence in depth” is a cyber security strategy that involves creating multiple layers of protection to prevent cyber attacks from spreading across a network. 

What is defence in depth? 

Defence in depth relies on layered and redundant defensive mechanisms to protect assets from cyber attacks. If one security control is breached, the next layer acts as a fail-safe to prevent further infiltration. This layered defence system helps organisations reduce vulnerabilities, contain threats, and mitigate risk. 

Benefits of defence in depth 

Adopting a defence in depth approach offers the following benefits: 

Increased resilience

Each individual security control has limitations, so deploying multiple layers makes it harder for attackers to breach the system.  

Adaptability

Different layers can address various attack vectors, thereby covering a spectrum of cyber threats. If an attacker compromises one layer, additional controls can limit their movement and access. 

Defence against zero-day vulnerabilities

Even if one layer is compromised, others remain intact.  Layering security controls creates a robust and resilient environment. 

Protects against insider threats

Not all threats come from external hackers. Employees or contractors can pose risks, too. Security practices used in defence in depth, such as least privilege access and behaviour analysis, help prevent internal misuse. 

What security practices are used in defence in depth? 

Some of the practices employed in a defence in depth approach include: 

Network segmentation

Dividing a network into smaller sections or subnets, each with its own security policies and protocols. 

Endpoint protection

Deploying antivirus software and endpoint detection and response (EDR) tools on individual devices.  

Access controls

Using multi-factor authentication to prove users’ identity before accessing resources.  

Application security

Protecting software and applications from vulnerabilities with secure coding, firewalls, testing and patching. 

Least privilege access

Granting users only the minimum permissions necessary to perform their tasks. 

Data encryption

Safeguarding sensitive information by encrypting it. 

Monitoring/logging

Continuously observing and analysing computer networks and systems to detect potential security threats, data breaches, and suspicious activity 

Microsoft Azure’s approach 

The Microsoft Azure cloud computing platform employs a defence in depth strategy. It implements multiple layers of security across various levels of the cloud infrastructure, including physical security, identity and access management, network perimeter, application security, and data protection.  

Microsoft’s commitment to security includes the Security Development Lifecycle (SDL) framework, which ensures security from the ground up. Microsoft also invests in internal security research and maintains a comprehensive bug bounty program.  

In today’s threat landscape, cyber attacks are inevitable. Defence in depth is a proactive and strategic approach to counteracting threats by minimising risks and enhancing overall security. Without this approach, a single point of failure could lead to a significant and potentially catastrophic security breach. 

If you’d like to know more about defence in depth, please get in touch. 

Return to all Insights