Applying security everywhere

Organizations often focus mainly on the physical safety of their data center and on protecting the outer networking layer from attack. Instead of focusing on a single outer layer, ensure that security is applied at every layer of the application.

Apply the defense-in-depth (DiD) approach and put security at various layers of the application. For example, a web application needs to be secured against attacks from external internet traffic by protecting the Enhanced Data Rates for Global Evolution (EDGE) network and Domain Name System (DNS) routing. Apply security at the load balancer and network layers to block any malicious traffic.

Secure every instance of your application by allowing only the required incoming and outgoing traffic in the web application and database layers. Protect operating systems with antivirus software to safeguard against malware attacks. Apply both proactive and reactive measures of protection by putting intrusion detection and intrusion prevention systems in front of your traffic flow, along with a Web Application Firewall (WAF), to protect your application from various kinds of attacks. You will learn more details about the various security tools to use in the Selecting technology for architectural security section of this chapter.
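
The following added example (not code from the book) audits per-tier firewall rules against the "only required incoming and outgoing traffic" principle for the web and database layers. The tier names, CIDR ranges, ports and sample rules are constructed assumptions.

```python
import ipaddress

# Hypothetical tier address ranges (constructed for this example).
TIER_CIDR = {"lb": "10.0.0.0/24", "web": "10.0.1.0/24", "db": "10.0.2.0/24"}

# The only flows each tier needs: (port, peer tier). Assumed design:
# load balancer -> web on 443, web -> database on 5432, nothing else.
REQUIRED = {
    ("web", "ingress"): [(443, "lb")],
    ("web", "egress"): [(5432, "db")],
    ("db", "ingress"): [(5432, "web")],
    ("db", "egress"): [],
}

# Constructed sample rule set: (tier, direction, port, peer CIDR).
RULES = [
    ("web", "ingress", 443, "10.0.0.0/24"),
    ("web", "ingress", 22, "0.0.0.0/0"),    # admin port open to the internet
    ("web", "egress", 5432, "10.0.2.0/24"),
    ("db", "ingress", 5432, "10.0.1.0/24"),
    ("db", "ingress", 5432, "0.0.0.0/0"),   # database reachable from anywhere
    ("db", "egress", 443, "0.0.0.0/0"),     # database can call out freely
]

def is_required(tier, direction, port, cidr):
    """True if the rule stays within a required flow for that tier."""
    net = ipaddress.ip_network(cidr)
    for req_port, peer in REQUIRED.get((tier, direction), []):
        peer_net = ipaddress.ip_network(TIER_CIDR[peer])
        # The rule's peer range must sit inside the peer tier's range.
        if port == req_port and net.subnet_of(peer_net):
            return True
    return False

def audit(rules):
    """Return the rules that allow more than the required traffic."""
    return [r for r in rules if not is_required(*r)]

if __name__ == "__main__":
    for tier, direction, port, cidr in audit(RULES):
        print(f"excess rule: {tier} {direction} port {port} peer {cidr}")
```
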
