In historic times defence was applied in layers. Not only did the castle have walls, a drawbridge and a moat, but individuals used armour, weapons and various tactics in order to protect what was valuable to them.
Today we value data. And just like the days of yore, the application of defensive layers is paramount. A layered security model means that a single breach is unlikely to compromise security. In fact, when designed and maintained effectively, such a model could withstand several breaches.
The Australian Government mandates that agencies comply with the Protective Security Framework and Information Security Manual. This framework and its associated controls are designed to protect data at multiple layers, such as data encryption (at rest and in transit), physical security, network security, application security and personnel security. Whilst individual components are important, it is how they complement each other that ensures their effectiveness.
Whilst the process of compliance with these controls is sound practice, of equal, or greater, importance is the culture of security in the organisation. Are personnel aware of their responsibilities and good security practice? Is activity monitored? Is security information regularly circulated? Does the organisation measure its security performance? By promoting a culture of security, the significant investment to secure data technically is not wasted. Even the very best technology cannot counter poor practice.
The strongest fence succumbs to an open gate.
If you’re tasked with data security in your organisation, make sure you consider the integration of security technology and security culture as part of your overall security approach. By promoting a strong culture and ensuring component layers complement each other, you significantly increase your data’s defences.