Importance of Protection-In-Depth

Since the ages of castles, protection-in-depth has been used to defend, deter, delay, detect and deny adversaries. Although we no longer use moats or archers, the concept of protection-in-depth is still used in physical security today. These days, security managers and consultants advise organizations on the best security measures and methods to protect their personnel and assets.

A physical protection system is viewed as balanced when every pathway by which an adversary might attempt to accomplish a goal presents a similar level of difficulty.[1] Protection-in-depth is a concept used to ensure an adversary must defeat several physical security measures to gain access to the organization’s assets.

Several aspects contribute to the protection-in-depth structure including fencing, CCTV cameras, doors and locks, intrusion detection systems and access control. Individually each physical security measure is easily defeated, but when implemented in conjunction, they strengthen each other.

Fencing

A fence is usually the first physical security measure an organization has within the protection-in-depth system. Chain-link fences are the most common type of fencing used over the past 60 years.  Its popularity is due to its cost-effectiveness, versatility, corrosion resistance and strength. From a security perspective, the best feature of a chain-link fence is the ability to see through it. The fence and posts are thin enough to allow for surveillance without disrupting sightlines.

CCTV Cameras

Video security technology has significantly evolved over the past few decades with the integration of local area networks, wide area networks, WIFI, intranets, internet and other security technology. Video surveillance serves as the remote eyes for management and the security force. Using a camera on its own, outside the protection-in-depth fundamental principles, generates several security gaps and vulnerabilities. For instance, the CCTV camera can’t respond to an incident. Using quality video technology systems in conjunction with fences and other security measures ensures the best defense and protection.

No matter the size of your business, security must be considered an essential element of your company and future growth.

Doors & Locks

Doors and locks are part of a balanced security design approach and function as a barrier at points of entry and exit. Unfortunately, several organizations rely solely on doors and locks to protect their business, employees, and assets. Even the best doors and locks are designed to be impenetrable by ordinary means and offer only maximum delay time before penetration by extraordinary means. The other security measures in the protection-in-depth concept assist in further delaying an adversary before they can attack the vulnerabilities of doors and locks.

Intrusion Detection System

Burglary is a big business. The FBI Unified Crime Report states, business without an alarm or detection system are 4.5 times more likely to be targeted.[2] Implementing an Intrusion Detection System (IDS) further strengthens the protection-in-depth of your organization. Without a suitable IDS, an adversary can quickly climb a fence, walk past the CCTV with a mask, pick a lock and gain access to your facility. The purpose of an IDS is to signal the presence of an intruder. The other security measures are used many as delay and deterrence; an IDS will fulfill the detection need within the layers of security. IDS come in several different protection capabilities from photoelectric eyes, ultrasonics, microwave, and passive infrared motion detectors to pressure mats, sounds sensors and dual-technology sensors. Every organization’s security needs are unique, and as technology advances, the best suitable IDS in a protection-in-depth system may vary considerably.

Access Control

As one of the last layers of security, access control systems must be established and maintained to preclude unauthorized entry. Organizations must protect and control the accessibility of intellectual property, records, restricted areas, classified information and critical equipment. Uncontrolled movement and direct access lead to theft, espionage, sabotage and several other adverse actions. One mistake organizations make often is only controlling the access of visitors. Does every employee need access to the server room? What can the cleaning crew access? Access control varies in size and sophistication and includes employee screenings, ID systems, visitor control and mechanized/automated systems.

An organizations success and profitability depend on several different internal and external factors, one often neglected or misunderstood is security. Having all the security elements installed is excellent, but unless they mutually support each other, they are useless. Imagine a sports team with a group of great players on the team. Unless they work well together and play as one, they won’t win the championship. Protection-in-depth are overlapping layers of security, both indoors and outdoors. No matter the size of your business, security must be considered an essential element of your company and future growth.

[1] Gregory D. Wyss, Quantifying the Degree of Balance in Physical Protection Systems, U.S. Department of Energy Office of Scientific and Technical Information, https://www.osti.gov/servlets/purl/1141874

[2] Federal Bureau of Investigations, Unified Crime Report 2015. Criminal Justice Information Services Division. https://ucr.fbi.gov/crime-in-the-u.s/2015/crime-in-the-u.s.-2015

Up Next: 3 Indirect Benefits of a Security Survey