IT security has been governed by the paradigm of layering defenses in recent years, and it can be an effective way of mitigating digital risks. Frequent revision and continued improvement makes sense for cybersecurity because of the dynamic nature of the threat landscape. However, Dark Reading's Tim Wilson recently illustrated that an incremental approach should not take the place of an overall data security framework.

The advantages of existing strategies is clear: They provide a way for organizations to respond to new threats quickly. However, these short-term implementations should fall into a more comprehensive framework that effectively focuses efforts for the long term. As Wilson noted, this is where a significant number of organizations struggle to protect sensitive data. For example, data from consulting firm Ernst & Young found that 63 percent of businesses have no organization-wide guidelines for deploying security solutions. According to Jose Granado, principal and practice leader for IT security services at Ernst & Young, the issue is that IT security professionals buy solutions in response to a specific problem without considering how disparate technologies should work together.

"If enterprises do have a broader defense strategy, then it's usually focused on 'layering,' in which the organization buys a variety of different point products, essentially creating an obstacle course that the attacker must navigate to get to the sensitive data," Wilson wrote."By implementing a patchwork of firewalls, antivirus software, intrusion prevention systems and the like, the enterprise hopes to detect a wide variety of attacks and mitigate them before they can do much damage."

Effective layering
The problem, according to Wilson, is that many of these solutions rely on the same strategies to be effective. For example, an antivirus program and a firewall may be different components, but still rely on signature detection. Effectively mitigating risks necessitates the use a wider range of solutions such as data encryption software to make it more difficult for attackers to get past digital defenses.

Another challenge faced by many businesses is that implementing security solutions can disrupt daily operations. Advancements in data encryption software have allowed for greater levels of protection without hindering employees' ability to make use of corporate information. In a separate Dark Reading article, contributor Robert Lemos noted that vendors have increasingly taken strides to make encryption as easy as possible.