Layered security describes the practice of combining multiple integrated security controls to protect computer resources, including processing and data. The concept varies widely in terms of interpretation. Typically, layered security means that computing resources are protected by various types and levels of security. This includes, but is not limited to, physical security, authentication, and information encryption.
The value of this approach to security is that it provides a set of very different defenses that, while on their own could be defeated, when leveraged together provide a much more effective security solution. Indeed, if you can defeat one layer, such as authentication, you’ll face other layers including physical security and data encryption. As incursions progress, intruder resources are consumed and progress is slowed until the intruder is halted and turned back.
Layered security is usually leveraged when there is a high risk that data will be compromised, such as information maintained by the government or research data maintained by corporations. However, with the commoditization of security technology, the use of layered security approaches is much more commonplace, including applications in the small business space—even home-based computing.
The cost of layered security is relatively low considering that you are likely to use well understood commodity security technologies, leveraged in layers. Thus, you don’t deal with the more sophisticated and more expensive security solutions.
If you’re considering a layered security approach for your business, you need to first begin with your requirements. From there, create a security model, and then determined the best security approaches and technologies for each layer. Monitor the solution regularly and make adjustments as required.