Simpro Knowledge Base

Defense In Depth And Zero Trust

Purpose

Defense in depth and zero trust are two complementary security ideas.

Defense in depth says: use multiple layers of protection so one failure does not become total compromise.

Zero trust says: do not automatically trust a user, device, network, service, or request just because it is "inside." Verify explicitly, use least privilege, and assume breach.

Defense In Depth

Layered defense protects systems at multiple points:

Layer            Examples
Identity         MFA, SSO, strong authentication, conditional access
Device           Endpoint protection, patching, disk encryption
Network          Segmentation, firewalls, private endpoints, ingress controls
Application      Authz checks, validation, secure session handling
API              Rate limiting, schema validation, token validation
Data             Encryption, masking, classification, backups
Infrastructure   Hardened images, IaC scanning, least-privilege service accounts
Pipeline         Code review, SAST, SCA, secrets scanning, signed artifacts
Monitoring       Logs, alerts, anomaly detection, incident response
People           Training, phishing awareness, reporting culture

The point is not to buy every tool. The point is to avoid single points of security failure.

Zero Trust Principles

The common zero-trust principles are:

  • Verify explicitly.
  • Use least privilege.
  • Assume breach.

For developers, this means:

  • Do not trust internal traffic automatically.
  • Validate tokens and permissions at service boundaries.
  • Use short-lived credentials where possible.
  • Avoid broad service accounts.
  • Limit database permissions.
  • Log sensitive actions.
  • Treat admin features as high-risk.
  • Segment environments.
  • Make production access exceptional and auditable.

On-Premise And Cloud View

Zero trust applies both on-premise and in the cloud.

On-premise risks:

  • Flat networks.
  • Long-lived admin accounts.
  • Shared service accounts.
  • Manual patching.
  • Limited observability.
  • Trust based on network location.

Cloud risks:

  • Over-permissive IAM.
  • Public storage buckets.
  • Misconfigured security groups.
  • Leaked secrets.
  • Supply-chain exposure.
  • Fast resource creation without governance.

Simpro should avoid thinking "on-prem is safer" or "cloud is safer." Safety comes from architecture, operations, identity, monitoring, and discipline.

Practical Controls

Identity

  • Use MFA.
  • Use SSO where possible.
  • Remove inactive accounts.
  • Separate admin and normal user privileges.
  • Review access regularly.

Application

  • Enforce authorization on the server side.
  • Avoid trusting UI-only checks.
  • Validate all external input.
  • Use secure headers and cookies.
  • Protect against CSRF where relevant.
  • Use rate limiting for sensitive APIs.

Infrastructure

  • Store secrets in a secrets manager.
  • Use least-privilege service accounts.
  • Scan container images and IaC.
  • Patch base images.
  • Use TLS for service communication where practical.

Data

  • Classify sensitive data.
  • Encrypt in transit.
  • Encrypt at rest where required.
  • Mask sensitive values in logs.
  • Restrict direct database access.
  • Test backup and restore.

Common Anti-Patterns

  • "It is internal, so no authentication is needed."
  • "Only admins can see this button, so the API is safe."
  • "We will add security after the demo."
  • "This secret is only in a private repo."
  • "The firewall protects everything."
  • "We trust our people, so access reviews are unnecessary."

Trust people. Verify systems. These are not enemies.
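The developer checklist above and the anti-pattern "Only admins can see this button, so the API is safe" come down to one habit: the service boundary decides, not the UI or the network. The following added example (not Simpro's code; the Token shape, the 900-second lifetime policy and the in-memory audit list are constructed) places the insecure check beside the hardened one, which verifies the token explicitly, rejects long-lived or expired credentials, requires the scope and logs the decision.

```python
from dataclasses import dataclass

# Constructed example (not Simpro's code): one sensitive action guarded two ways.
MAX_TOKEN_LIFETIME = 900  # seconds; a constructed policy for "short-lived credentials"


@dataclass(frozen=True)
class Token:
    subject: str
    scopes: frozenset
    issued_at: float
    expires_at: float


class Forbidden(Exception):
    pass


def delete_customer_insecure(request):
    """Anti-pattern: trusts a UI flag and the caller's network location."""
    if request.get("ui_is_admin") or request.get("source") == "internal":
        return f"deleted {request['customer_id']}"
    raise Forbidden("not admin")


def authorize(token, required_scope, now, audit):
    """Verify explicitly at the service boundary, then record the decision."""
    if token is None:
        reason = "no token"
    elif now >= token.expires_at:
        reason = "token expired"
    elif token.expires_at - token.issued_at > MAX_TOKEN_LIFETIME:
        reason = "token lifetime exceeds policy"
    elif required_scope not in token.scopes:
        reason = f"missing scope {required_scope}"
    else:
        audit.append((token.subject, required_scope, "allow"))
        return True
    subject = token.subject if token else "anonymous"
    audit.append((subject, required_scope, f"deny: {reason}"))
    raise Forbidden(reason)


def delete_customer(request, now, audit):
    """Hardened: the token and its permissions decide, not the UI or network."""
    authorize(request.get("token"), "customer:delete", now, audit)
    return f"deleted {request['customer_id']}"
```

Every denial lands in the audit list with its reason, which is the "log sensitive actions" item turned into something a detection rule can read.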

Team Reference Guide

Guidelines For Teams

  • Design as if one layer may fail.
  • Use least privilege for users, services, and pipelines.
  • Add server-side authorization tests for important actions.
  • Treat secrets and production access as high-risk.
  • Make monitoring part of the control, not an afterthought.

Reflection Questions

  • What single failure could expose too much?
  • Which service account has more access than it needs?
  • Which internal endpoint assumes the network is trusted?
  • What would we detect quickly if an account was compromised?

Further Study

  • Microsoft Zero Trust guidance: https://www.microsoft.com/en-us/security/business/zero-trust
  • NIST Zero Trust Architecture SP 800-207: https://csrc.nist.gov/pubs/sp/800/207/final
  • CISA Zero Trust Maturity Model: https://www.cisa.gov/resources-tools/resources/zero-trust-maturity-model
  • Google BeyondCorp research: https://research.google/pubs/beyondcorp-a-new-approach-to-enterprise-security/