This post deals with the security practice of security by layers, along with a brief suggestion of a technology that can serve this purpose without requiring deep configuration.
In Information Security, security by layers (often called defence in depth) refers to the practice of combining multiple security control points across the pipeline of an application, that is, multiple mitigating security controls that together protect the application's resources and data. There are many ways to build these layers, and there is no silver bullet, as every system is different, but some examples are:
Consumer Layered Security Strategy
- Extended validation (EV) SSL certificates.
- Multifactor authentication.
- Single sign-on (SSO).
- Fraud detection and risk-based authentication.
- Transaction signing and encryption.
- Secure Web and e-mail.
- Open fraud intelligence network.
Enterprise Layered Security Strategy
- Workstation application whitelisting.
- Workstation system restore solution.
- Workstation and network authentication.
- File, disk and removable media encryption.
- Remote access authentication.
- Network folder encryption.
- Secure boundary and end-to-end messaging.
- Content control and policy-based encryption.
These are the common strategies you can find on almost any page that covers the subject. In the next post I'll cover another topic related, in some way, to security by layers: using containers to deploy code.
– An ogre.