*This article may be a summary of content compiled for learning purposes. For more information and background, read the original articles in the References section.*

The objective of defense in depth is to protect information and prevent it from being stolen by those who aren't authorized to access it. A defense-in-depth strategy uses a series of mechanisms to slow the advance of an attack that aims at acquiring unauthorized access to data, so that no single control failing exposes the data outright.
Layers of defense in depth:

Data
- Stored in a database
- Stored on disk inside virtual machines
- Stored on a SaaS application such as Office 365
- Stored in cloud storage

Application
- Ensure applications are secure and free of vulnerabilities.
- Store sensitive application secrets in a secure storage medium.
- Make security a design requirement for all application development.

Compute
- Secure access to virtual machines.
- Implement endpoint protection and keep systems patched and current.

Networking
- Limit communication between resources.
- Deny by default.
- Restrict inbound internet access and limit outbound, where appropriate.
- Implement secure connectivity to on-premises networks.

Perimeter
- Use distributed denial of service (DDoS) protection to filter large-scale attacks before they can cause a denial of service for end users.
- Use perimeter firewalls to identify and alert on malicious attacks against your network.

Identity and access
- Control access to infrastructure and change control.
- Use single sign-on and multi-factor authentication.
- Audit events and changes.

Physical security
- Physical building security and controlling access to computing hardware within the data center is the first line of defense.
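The Networking layer above (limit communication between resources, deny by default, restrict inbound and limit outbound) is easiest to reason about as a priority-ordered rule set with an implicit final deny. The following is an added example, not code from the original article or from any cloud provider: it models how a network security group style rule set is evaluated, with rules checked in ascending priority order, first match winning, and anything unmatched falling through to a default deny. The rule names, priorities, address ranges and sample flows are constructed for illustration.

```python
"""Deny-by-default, priority-ordered network rule evaluation (added example).

Models the evaluation order of a cloud network security group: rules are
checked from lowest priority number to highest, the first matching rule
decides, and a flow that matches no rule is denied. All addresses, rule
names and priorities below are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int        # lower number is evaluated first
    direction: str       # "inbound" or "outbound"
    action: str          # "allow" or "deny"
    source: str          # CIDR, or "any"
    destination: str     # CIDR, or "any"
    port: Optional[int]  # destination port, None means any port


@dataclass(frozen=True)
class Flow:
    direction: str
    src_ip: str
    dst_ip: str
    dst_port: int


def _matches_net(cidr: str, ip: str) -> bool:
    """True when the address falls inside the rule's CIDR (or the rule says any)."""
    return cidr == "any" or ip_address(ip) in ip_network(cidr, strict=False)


def evaluate(rules: List[Rule], flow: Flow) -> Tuple[str, str]:
    """Return (action, rule_name) for a flow; unmatched traffic is denied by default."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.direction != flow.direction:
            continue
        if rule.port is not None and rule.port != flow.dst_port:
            continue
        if not (_matches_net(rule.source, flow.src_ip)
                and _matches_net(rule.destination, flow.dst_ip)):
            continue
        return rule.action, rule.name
    # No explicit rule matched: the layer's "deny by default" principle applies.
    return "deny", "default-deny"


# Constructed rule set: the web tier (10.0.1.0/24) accepts HTTPS from anywhere,
# SSH only from the on-premises range, and may reach only a patch repository
# outbound. Everything else, including the database tier, falls to default deny.
RULES = [
    Rule("allow-https-in", 100, "inbound", "allow", "any", "10.0.1.0/24", 443),
    Rule("allow-onprem-ssh", 110, "inbound", "allow", "192.168.0.0/16", "10.0.1.0/24", 22),
    Rule("deny-internet-ssh", 120, "inbound", "deny", "any", "any", 22),
    Rule("allow-patch-out", 100, "outbound", "allow", "10.0.1.0/24", "203.0.113.10/32", 443),
]


def check_sample_flows() -> Dict[str, Tuple[str, str]]:
    """Evaluate a set of constructed flows and return the decision for each."""
    flows = {
        "internet_https": Flow("inbound", "198.51.100.7", "10.0.1.5", 443),
        "internet_ssh": Flow("inbound", "198.51.100.7", "10.0.1.5", 22),
        "onprem_ssh": Flow("inbound", "192.168.4.9", "10.0.1.5", 22),
        "db_from_internet": Flow("inbound", "198.51.100.7", "10.0.2.5", 1433),
        "patch_out": Flow("outbound", "10.0.1.5", "203.0.113.10", 443),
        "unknown_dest_out": Flow("outbound", "10.0.1.5", "198.51.100.99", 443),
    }
    return {name: evaluate(RULES, flow) for name, flow in flows.items()}


if __name__ == "__main__":
    for name, (action, rule) in check_sample_flows().items():
        print(f"{name:18} -> {action:5} ({rule})")
```

Two points worth noticing when running it: the database tier is never mentioned in any rule, yet `db_from_internet` is denied, which is exactly what deny-by-default buys you; and `internet_ssh` is stopped by the explicit `deny-internet-ssh` rule only because its priority number is higher than the on-premises allow, so reordering priorities changes the outcome without changing any rule's contents.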