Defense in Depth: How the Four Layers Work Together

The four layers of preventive controls create overlapping defense. Issues that bypass one layer get caught by others. This defense in depth means no single control failure creates exposure. Multiple layers must all fail simultaneously for a misconfiguration to reach production and persist.

Consider how the four layers prevent a public S3 bucket:

Build controls scan the IaC template during the pull request. If the template specifies public access, scanning tools flag the issue. The developer fixes the template before merging. The issue is prevented at the earliest stage.

Access controls block the bucket creation API call if it specifies public access. Even if the developer deploys the misconfigured template (maybe it bypassed scanning), the organization policy denies the API call. The deployment fails with a clear error message. The developer fixes the template and redeploys. The issue is prevented at deployment.

Config controls apply S3 Public Access Block at the account level. Even if the template doesn't explicitly specify public access and no organization policy blocks the creation, the account-level setting makes the bucket private by default. The issue is prevented through secure defaults.

Runtime controls detect if a bucket becomes public (maybe through a manual configuration change after creation). Auto-remediation removes public access within 5 minutes. The issue is prevented from persisting.

This layered approach means a public S3 bucket must bypass all four control layers to exist in production. The template must avoid IaC scanning. The creation must not violate organization policies. The account must not have public access block enabled. Runtime monitoring must not be configured. Four failures must align simultaneously. The probability of this happening is vanishingly small compared to a single control being bypassed.
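The build-layer check from the walkthrough above can be sketched as follows. This is an added example, not code from the original page or from any particular scanner; it assumes the IaC template is a CloudFormation template in JSON, and the function name `scan_template` and the sample template are constructed for illustration.

```python
import json

PUBLIC_ACLS = {"PublicRead", "PublicReadWrite"}
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

def scan_template(template):
    """Return sorted (logical_id, reason) findings for buckets that permit public access."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::S3::Bucket":
            continue
        props = res.get("Properties") or {}
        acl = props.get("AccessControl")
        if isinstance(acl, str):
            if acl in PUBLIC_ACLS:
                findings.append((name, f"AccessControl={acl}"))
        elif acl is not None:
            # Ref / Fn::If and similar: the ACL is only known at deploy time.
            findings.append((name, "AccessControl is not a literal"))
        pab = props.get("PublicAccessBlockConfiguration") or {}
        for flag in PAB_FLAGS:
            # Only an explicit opt-out is reported; an absent flag is left to
            # the account-level Public Access Block (the config layer).
            if isinstance(pab, dict) and str(pab.get(flag, True)).lower() == "false":
                findings.append((name, f"{flag}=false"))
    return sorted(findings)

# Constructed sample template (not taken from a real deployment).
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "SiteBucket": {"Type": "AWS::S3::Bucket",
                 "Properties": {"AccessControl": "PublicRead"}},
  "LogBucket": {"Type": "AWS::S3::Bucket",
                "Properties": {"PublicAccessBlockConfiguration": {
                  "BlockPublicAcls": true, "IgnorePublicAcls": true,
                  "BlockPublicPolicy": true, "RestrictPublicBuckets": true}}},
  "UploadBucket": {"Type": "AWS::S3::Bucket",
                   "Properties": {"PublicAccessBlockConfiguration": {"BlockPublicPolicy": "false"}}},
  "ParamBucket": {"Type": "AWS::S3::Bucket",
                  "Properties": {"AccessControl": {"Ref": "AclParam"}}},
  "Queue": {"Type": "AWS::SQS::Queue"}
}}
""")

if __name__ == "__main__":
    for logical_id, reason in scan_template(SAMPLE_TEMPLATE):
        print(f"FAIL {logical_id}: {reason}")
    # A pull-request check would exit non-zero on any finding to block the merge.
```

The `ParamBucket` case shows the gap a static scan leaves: a value resolved at deploy time cannot be verified from the template alone, which is where the access, config and runtime layers take over.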

Organizations building prevention coverage don't need perfect coverage at every layer initially. They start with the easiest, highest-impact controls and expand systematically. Each layer adds incremental prevention. Each layer compensates for gaps in others. The goal is comprehensive coverage across layers, not perfect coverage within a single layer.