Fairytale Endings?

It’s hard to argue that having more devices, services and processes connected via the Internet is anything but a good thing. We can work on projects and team collaborations across the globe. We talk, we chat, and we view, and contribute ideas in real time. I don’t need to wait for days, weeks or months to know where my friends are or what they’re up to. The possibilities that the Internet brings are almost endless. This is a sweet way of looking at it, but in real life this fairytale story might not end so well, as hackers and malicious users are always on the loose. What makes the Internet so good for us makes it so good for the hackers, too: our world is so interwoven through cyberspace that it’s possible to reach anybody or any resource online at any time from any point on the globe. The proliferation of cyber incidents is just a consequence of our extreme connectedness, and the onus lies on us to protect ourselves. So it’s about time we talked about security interleaving.

Interleaving layers

Security interleaving involves the protection of your device or network in small, manageable layers of security that can be sufficiently hardened to make your data secure and keep out the hackers. It’s a bit like the division of memory into small chunks for faster and reliable data access. The main advantage here is that security interleaving allows you to provide a robust, secure, and dependable solution for your devices and network, so you find fewer incidents of breaches on data and digital resources. When one layer is defeated, you can be sure that the next layer is standing as a shield for your data, applications and processes.

With security interleaving, all we need to do is segment our security architecture into different layers of security standpoints. All these various configurations must be defeated if the attacker is to succeed in getting hold of our data and computing resources. So, the security administrator starts work on Security Layer A and decides on the security technology to use at this point: firewalls, intrusion detection systems, security patches and so on. Subsequently, they will have to configure Security Layers B, C (and so on) until they’re satisfied that the device or network is exhibiting a reasonable security structure that discourages the hackers. Security interleaving makes available auto-protection switch points around the security architecture in such a way that the death of one layer does not cause the entire collapse of the security architecture. Where Layer A is defeated, Layer B automatically takes preeminence, shielding the devices and networks from malicious activities. The bottom line? The attacker will have a lot of work to do if they intend to achieve their goal.

So, from the hacker’s POV, this is what happens: they start to find a way to defeat the security structure of the resource owner, but are greeted by several layers of security to defeat before gaining and maintaining access to classified data. The hacker gets discouraged and goes to someone else’s device or network that has minimal security. Good job, you’ve kept the hacker away.

Price to pay

We have to understand that the task of setting up these security layers, which may not necessarily be contiguous, can lead to greater overheads. But I’d argue that spending more once and having to spend less later on is a good start for good business. Getting it right upfront to protect our data against cyber-attacks (such as denial of service, data theft, distortion and misuse) means we save money later down the line, as we would end up spending much more to protect our business later on. Plus, the financial impact of a breach can be enormous, and possibly even ruinous.

Corporate concerns

It is commonplace to find large corporations just relying on firewalls, security updates and passwords. This is often done with the utmost confidence, with questions about the insecure nature of such strategies rebuffed. In these situations, it’s our experience that security incidents soon start rolling in.

The major challenge of security interleaving is the cost of its implementation. The benefits naturally far overweigh this challenge – especially for large organisations where the volume of sensitive data runs into several terabytes. Security interleaving relies more on system hardening and defence-in-depth strategies. One day we will certainly defeat the hackers – and security interleaving might just be the thing that comes to our rescue.