Thursday, February 21, 2013

Thoughts on Defense in Depth

“If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology.” - Bruce Schneier 

As we discussed in an earlier post, DID’s main disadvantage is complexity.  Implementing security at every layer takes a lot of planning and valuable resources.  It is important to consider whether and how security measures can work together, as well as the maintenance, administration, and monitoring that each one requires.  DID must achieve a balance between protection capability and cost, performance, and operational considerations.  There must also be a balance between security and functionality.

Employing a proper DID strategy is expensive, especially if products are purchased from multiple vendors.  (Mixing vendors throughout the system may provide some level of added protection so that the whole system will not be threatened by one vendor’s vulnerability.)  It may include multiple products with overlapping functionality.  It may involve managing more physical hardware.  It may require justification of the purchase of new equipment rather than repurposing old equipment.  It’s an expense that is difficult to justify because the return on investment is not apparent to all staff members; however, the justification is warranted.

It is also important to consider that more layers are not always better; effective security depends on the quality of the layers that are implemented.  Having several security measures in place does not guarantee that they all work together.  That is why it is so important to take the time to study what the security needs are and what the resources can support.

Defense in Depth is definitely a viable security strategy, but it may take some research into what resources are available and what the specific needs of the company are.  Best wishes on your security endeavors!

Thanks for reading!


