Security Encyclopedia

Defense in Depth

Defense In Depth is a data owner or custodian's utilization of numerous security countermeasures to ensure the integrity of data in their possession. Its key aspect is having several layers of security in place, in the event that a single layer fails.

Defense in depth relies on the military rule that it is far more difficult for an adversary to overcome a complex and multi-layered security framework than to infiltrate a single barrier. Defense inside, outside, and in between limits the likelihood that intruders will succeed.

A well-structured methodology of this sort can likewise help executives and security teams discover users who attempt to compromise a device, server, security system, or other barrier. In the event that a hacker accesses a system, security throughout limits the threat and gives decision-makers and tacticians time to send new or refreshed countermeasures to disrupt the growth or severity in damage.

With defense in depth, security layers would include threat detection, antivirus programming, firewalls, anti-spyware programs, complex passwords, multi-factor authentication (MFA), and biometric authentication. Notwithstanding electronic countermeasures, defense in depth would also include initiatives pertaining to physical security of the workplace and intense security training of the workforce.


"The presence advanced persistent threats, including state-sponsored ones, has made defense in depth our standard operating procedure. Today's threats are capable of circumventing single security checkpoints so a layered approach is our baseline defensive strategy."