Preparing exam SC – 900 – Microsoft Security, Compliance, and Identity Fundamentals – Explaining defense in depth concept – Part 2


Hi All,

Greetings for the day!!!

We are continuing our discussion of security-related concepts and preparing study material for exam SC – 900 – Microsoft Security, Compliance, and Identity Fundamentals.

In the last article, Preparing exam SC – 900 – Microsoft Security, Compliance, and Identity Fundamentals – Explaining few terms related to Security – Part 1, we discussed a few terms related to security.

In this article we will discuss the concept of defense in depth.

Takeaways from this article

  • What is defense in depth?
  • Security layers in defense in depth

Defense in depth

  • Defense in depth uses a layered approach to security for our IT environment
  • This strategy uses a series of mechanisms to slow down the advance of an attack, which helps to prevent unauthorized access to data
  • Protection is provided at every layer, so that if one layer is breached, the data is still protected at the subsequent layers
  • Microsoft implements this defense in depth strategy for its on-premises datacenters and in Azure cloud services

Security layers in defense in depth

Figure: SC-900 – Defense in depth concept
  • Physical
    • First line of defense, protecting the hardware in the data center
    • Covers access to data centers
    • Only authorized personnel can access data centers
  • Identity and access
    • Control access to infrastructure by implementing either conditional access or multi-factor authentication (MFA)
    • Auditing events and changes
  • Perimeter
    • Use distributed denial of service (DDoS) protection to filter attacks before they can cause a denial of service for users
    • Use perimeter firewalls to identify and alert on malicious attacks against our network
  • Network
    • It is about protecting our resources from network attacks
    • Deny by default
    • Use security controls, such as network segmentation and network access controls, to limit communication between resources
    • Secure connectivity to on-premises networks
    • Restrict inbound internet access
    • Restrict outbound internet access wherever appropriate
  • Compute
    • Securing access to virtual machines
    • Example: limiting the number of ports open for access to virtual machines, whether hosted on-premises or in the cloud
    • Keeping systems patched and current
    • Implementing endpoint protection on devices
  • Application
    • Security layer for our applications, making sure they are secure and free of security vulnerabilities
    • Use secure storage for sensitive application secrets
  • Data
    • Layer for securing our data by implementing encryption to protect it
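
The Network and Compute points above (deny by default, restrict inbound internet access, limit the ports open to virtual machines) can be checked mechanically. The following is an added example, not part of the original article: the rule list is constructed sample data, the field names follow Azure NSG security-rule properties flattened for brevity, and the function names are hypothetical.

```python
# Added example: audit NSG-style inbound rules against the Network and Compute layers.
# Rule dicts are constructed; field names mirror Azure NSG rule properties (flattened).

MGMT_PORTS = {22: "SSH", 3389: "RDP"}              # management ports worth limiting
INTERNET_SOURCES = {"*", "Internet", "0.0.0.0/0"}  # source prefixes that include the internet

def port_matches(spec, port):
    """True if a port spec such as '*', '22', '3380-3400' or '80,443' covers port."""
    for part in str(spec).split(","):
        low, _, high = part.strip().partition("-")
        high = high or low  # a single port is a range of one
        if low == "*" or (low.isdigit() and high.isdigit() and int(low) <= port <= int(high)):
            return True
    return False

def effective_inbound(rules, port):
    """Decision for internet traffic to port: the lowest priority number wins.

    Returns (access, rule_name); when no rule matches, the answer is deny by default.
    """
    inbound = [r for r in rules if r["direction"] == "Inbound"]
    for rule in sorted(inbound, key=lambda r: r["priority"]):
        from_internet = rule["sourceAddressPrefix"] in INTERNET_SOURCES
        if from_internet and port_matches(rule["destinationPortRange"], port):
            return rule["access"], rule["name"]
    return "Deny", "default-deny"

def exposed_management_ports(rules):
    """Map each management port reachable from the internet to the rule allowing it."""
    findings = {}
    for port in MGMT_PORTS:
        access, name = effective_inbound(rules, port)
        if access == "Allow":
            findings[port] = name
    return findings

SAMPLE_RULES = [  # constructed sample data
    {"name": "deny-rdp", "priority": 100, "direction": "Inbound", "access": "Deny",
     "sourceAddressPrefix": "Internet", "destinationPortRange": "3389"},
    {"name": "allow-ssh-admin", "priority": 150, "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "203.0.113.10", "destinationPortRange": "22"},
    {"name": "allow-wide", "priority": 200, "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "*", "destinationPortRange": "20-4000"},
]

if __name__ == "__main__":
    print(exposed_management_ports(SAMPLE_RULES))
```

In the sample, RDP stays closed because the explicit deny has the lowest priority number, while SSH is exposed by the broad `20-4000` range even though a narrower admin-only rule exists.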

Thanks for reading the article !!! Please feel free to discuss in case of any issues / suggestions / thoughts / questions !!!

HAVE A GREAT TIME AHEAD !!! LIFE IS BEAUTIFUL 🙂

Prasham Sabadra
