Beyond Perimeter Security: Why to Apply a "Tower Defense" Strategy to IT Security

Most MSPs aim to prevent IT security breaches. Today, however, it is time to admit that plugging every hole is just not realistic. The bad guys will sometimes get in, but you can still build an effective security response — just like you do in “Tower Defense” video games.

As many children of the 1990s and 2000s know, “Tower Defense” refers to a genre of video games.

There are many different “Tower Defense” implementations, and they vary in their details.

However, the core concept in all of these games is to construct defenses that prevent intruders from breaking past a perimeter.

What makes “Tower Defense” games especially interesting is that, unless you are an exceptionally good , the intruders will sometimes get past your defenses.

You’ll lose points as a result — and in some games, unless you have secondary defenses in place to deal with intrusions that surpass your first lines of defense, you’ll lose the game.

IT Security: Have a Response Plan, Not Just Perimeter Defense

The same trend holds true in IT security.

No matter how many perimeter defenses you construct, it’s virtually impossible to prevent some attacks from breaching those defenses.

No amount of firewalls rules, automated security response tools or seasoned security admins can guarantee that your systems and data will never be compromised

If you need proof of this, look no further than the never-ending string of IT security breaches that fill today’s headlines.

In some cases, the security problems can be attributed to poor planning.

Yet not all companies fail to erect solid IT security operations. Despite IT security investments, two-thirds of companies suffered a breach in 2015-2016 alone.

And that data is based only on reported security incidents. The actual rate of security breaches in probably higher, because 74 percent of companies are breached without even knowing it.

It’s clear that the best-laid cybersecurity defense plans sometimes go awry. There is no guarantee against a breach.

This is why MSPs — and any type of IT service provider or company — should adopt a security strategy that is based on more than defense alone.

By all means, organizations should do everything they can to set up defenses that will prevent a breach.

But they should also have plans in place to deal with a breach when it happens — which it very likely will, no matter how hard you try to prevent it.

The bottom line: If “Tower Defense” taught us anything, it should be that no defense is perfect, and perimeter-based security operations will sometimes fail. You need a plan for responding to breaches just as much as you need a perimeter-based security strategy.