download a PDF version of this page

Company info

Because your business is constantly exposed to IT threats, you need to ensure that your corporate IT security defences are strong enough to protect your IT environment and data. IT companies recognise that the best way to protect your company's IT environment and data is by creating and implementing a Defence in Depth Strategy to meet your business' unique IT security needs.

In General

IT support companies define Defence in Depth as an IT security strategy that focuses on protecting your company's critical IT data and resources through multiple layered solutions. A typical Defence in Depth Strategy will often contain, but is not limited to, the following IT components:

  • Firewall
  • Antivirus
  • Encryption
  • Intrusion Detection and Prevention Systems
  • Automated Patch Management
  • Formal End-User security training


IT consulting companies agree that a properly layered Defence in Depth Strategy will do the following for your corporate IT environment:

  • Protect your company's critical data and IT resources against a variety of internal and external threats.
  • Isolate any part of your corporate IT network, systems, applications, or data that come under attack while shielding the rest of the IT environment from potential damage.

In Particular

IT outsourcing providers such as AlphaScan can help your company create a customised Defence in Depth Strategy that will protect your IT environment and data. The best IT support companies follow SANS institute guidelines when creating individualised Defence in Depth Strategies for companies of all sizes and most vertical markets. SANS, which stands for SysAdmin, Audit, Network, Security, is an organisation that focuses on information security and also sponsors an internet early warning system called Internet Storm Centre which posts real time information about internet threats and discusses breaking news about information security.


A well-crafted Defence in Depth Strategy is composed of multiple layers of security to protect against the following:

  • Network attacks- such as direct attacks against your corporate firewall or internal threats that can occur if a worm or other malicious application has been activated.
  • Operating System Attacks- like viruses, root kits, and other unauthorised access that can impact the OS, business data, and critical services.
  • Vulnerability Exploitations- that take advantage of faults in programming or IT systems configurations to gain access to sensitive data.
  • Data Exposure- such as deletion, modification, or copying of sensitive information by unauthorised persons.

Next Steps

Because threats to your IT environment and data are always evolving, IT services providers suggest that, in addition to creating a Defence in Depth strategy, your company follow CERT recommendations to provide an additional layer of protection to your IT environment. CERT, which stands for Computer Emergency Response Team, is a government funded organisation that focuses on information security and provides training. CERT identifies that in addition to a Defence in Depth Strategy your IT security plan should also include the following proactive steps:

  • Occasionally re-evaluate your security- By reassessing your corporate Defence in Depth Strategy, your company can address new risks and protect against them. Typically, a reassessment should be performed on a yearly basis, but depending upon your company's unique needs, might need to be done more often.
  • Invest in identification and eradication tools- Assessment tools that detect, identify, and log threats and attacks to your business' IT environment can help your company create a more customised Defence in Depth Strategy. Not only will this help your business maximise its IT budget, it will ensure that your layered defences are covering all potential target areas of your IT environment.
  • Adopt imaging technologies- Frequent imaging of desktops and servers will give your corporation the peace of mind of knowing that in the event that a server or desktop operating system is compromised despite a well-planned Defence in Depth Strategy, that the system can be restored from a recent image.

AlphaScan Can Help

AlphaScan has been helping businesses create secure IT environments for more than a decade. Whether it involves building a secure IT environment from the ground up, protecting an existing IT environment, creating third party security assessments, or addressing other security needs, AlphaScan can help your business protect itself against IT threats. To learn more about IT security in general or to find out more about how a Defence in Depth Strategy can help your company, please contact the security experts at AlphaScan.