Security / Compliance

The layered approach to Cloud security

By Cory Dzbinski / Jun 01, 2019

Layered Security

Let's first define "layered" security

What do we mean when we refer to "layered", or "multi-layer" security?

Layered security refers to security systems that use multiple components, to protect operations on multiple levels, or layers. The central idea behind layered security or defense, is that in order to protect systems from a broad range of attacks, using multiple strategies will be more effective.

Layered security is an example of the Swiss Cheese model used in risk analysis, and risk management. In this model, security systems are likened to multiple slices of Swiss cheese, stacked side by side, in which the risk of a threat becoming a reality is mitigated by the fact that it must pass through "holes" in the defenses. These defenses are of different kinds and locations, that are "layered" behind each other.

Therefore, in theory, lapses and weaknesses in one defense, do not easily allow a risk to materialize, since other defenses also exist, to prevent a single point of weakness.

The same methodologies apply to the cloud, the only major difference is that the cloud service provider may need to implement some of the steps.


Billions of devices = millions of vulnerabilities

In the past, organizations may have deployed one or two countermeasures for the most common security threats. Antivirus and firewall are typical. But as attacks grow more sophisticated, these security features only cover a small portion of the attack vector, and the response to them needs to be increasingly sophisticated. Providers of cloud services must use a modern layered approach to security.

Layered security efforts attempt to address problems with different kinds of hacking or phishing, denial of service attacks, and other cyber attacks. Also included are worms, viruses, malware, and other kinds of more passive, or indirect system invasions.


Multiple layers of cloud-based security

This is not an exhaustive list, but covers the typical majority of solutions, in layered security model.

  • Physical Security
  • Perimeter Firewall
  • Secure Multi-Tenancy
  • Per-Tenant Firewall
  • Host-Based Firewalls
  • Antivirus
  • Update/Patch Management
  • Digital Certificates
  • File Encryption
  • Backup & Replication


Summary

If you want security that is both effective and efficient, go for the layered approach. It provides multi-levels of defense that both identifies and eliminates threats on many different levels. With each added layer, you compound your level of protection, until you have a wall of security that is almost impenetrable.

The increased risk of loss associated with cyber-attacks cannot be denied. It is vital that you use a security approach that takes many different types of threats into consideration, and deals with each one quickly, efficiently, and effectively.


Contact AppSmart today for just about every security solution under the cloud.

Phone: 310-456-2200

Email: partnersupport@appsmart.com