Digital communication is so fast, we take for granted just how complex the actual delivery process is. Send a message and it’s instantly received, end of story. In reality, each and every transmission – emails, web searches, etc. – takes a Greek epic-like odyssey through a complex system of layers to reach its destination.
And that’s just the request. Once received, the information you requested is sent back on the same trek to your device. And considering each layer of that system presents unique threats capable of stopping it dead in its tracks – or much worse – failing to provide adequate security at every level can have tragic results.
The reason we get anything done at all across this kind of treacherous digital landscape is thanks largely to a defense-in-depth approach that the National Security Agency highlighted as an effective best practices model in 2010. The idea is to reinforce each level with independent redundancies so that, if a breach occurs at one level, it can be isolated before it spreads.
There are seven commonly recognized layers of IT security that need to be accounted for:
- Layer 1: Physical
- Layer 2: Basic data transmission
- Layer 3: Routing and traffic directing
- Layer 4: Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)
- Layer 5: Sessions
- Layer 6: Backbone of OS
- Layer 7: GUI/Desktop
An eighth layer that isn’t often discussed involves the users; whether they’re accidentally deleting vital information or opening risky emails on company equipment, users themselves often unwittingly create soft spots in a company’s defenses. Proper training and equipment, while sometimes overlooked, can go a long way toward supporting the rest of your security efforts.
Alone, none of these eight layers offer fool-proof protection. But when all used together, you can provide yourself – and your customers – the peace of mind from knowing your data will get where it needs to go.