Defense in depth and layered security feel like terms from a much simpler era in information security. It was not too long ago when these concepts seemed more applicable during the dawn of the Internet age.
At that time, web servers became the instrument to open up enterprises to the outside world. Firewalls, demilitarized zones (DMZs) and other network security techniques attempted to “keep the bad guys out.” Oh, how times have changed.
In a world where the cloud, mobile computing, software defined data centers, advanced persistent threats, zero-day exploits, big data systems and the internet of things (IoT) are the lingua franca of the day, are defense in depth and layered security still relevant?