We design, build and support architectures in data centres, on-premises environments, public clouds and hybrid infrastructures. We have built VoIP and mobile telecommunications solutions, critical internet infrastructure and highly available, self-healing SaaS platforms.
Modern infrastructures often cross boundaries between physical and virtual environments. One advantage is that this allows the optimal location for each individual component to be chosen strategically. It also introduces additional design options for redundancies, backups and recovery.
Security threats are everywhere, and any public-facing infrastructure is under constant attack. Automated processes are constantly probing for old and newly discovered vulnerabilities. Keeping infrastructure secure is therefore an ongoing task. As attacks are getting more sophisticated, a multi-layered security design is the best defense. This means deploying multiple types of security measures, each protecting against different attack vectors. For example, this could be the combination of a border gateway firewall, network access controls, a host-based firewall, a Web Application Firewall and a jailed (chroot) or dockerized application environment to reduce the attack surface.
Defense in depth is a term sometimes used synonymously with layered security. We see defense in depth as an organization-wide function, with layered security being a technical part of that. Defense in depth also includes aspects like monitoring, alerting, incident response procedures, backups, and disaster recovery strategies. Defense in depth not only protects against malicious activities; it also guards against human error and environmental disasters.