STUB

Defense in Depth

The pattern: stack independent controls so no single failure compromises the system. Image signature verification at admission catches supply-chain attacks (tampered or unapproved images). Pod Security admission rejects privileged pod specs, so a compromised workload has fewer routes to a node escape. NetworkPolicy catches lateral movement. mTLS catches on-path interception and service impersonation. RBAC catches unauthorized API actions. Audit logging prevents nothing; it records what got through, so you can detect it and reconstruct it afterwards. Each layer fails sometimes; the stack of layers is what holds, but only if the layers fail independently. Two controls that share a bypass (the same admission webhook, the same identity source) count as one.

The trade-off: operational complexity vs. blast-radius reduction. Every layer adds setup, maintenance, and debug time. The cost of not layering is invisible until a breach, and then it is catastrophic. Defense-in-depth assumes every control will eventually fail and bets that the next control will catch what the previous one missed.
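The stack above, written out for one namespace as an added example (not a manifest from the page or from any project it references). It assumes a namespace `payments`, a workload labeled `app=api` that talks to a `app=db` pod on 5432, a service account `api`, images published under `registry.example.com/payments/`, sigstore's policy-controller for signature enforcement, and Istio for mTLS. The signing key is a placeholder. Each document is one layer; removing any one of them leaves the others intact, which is the property the paragraph is about.

```yaml
# Added example: five independent layers for the "payments" namespace.
# Assumed names: namespace payments, labels app=api / app=db, SA "api",
# registry prefix registry.example.com/payments/, policy-controller, Istio.

# Layer 1: supply chain. Admission rejects any image under the prefix that
# is not signed by the release key (assumed key material, placeholder PEM).
apiVersion: policy.sigstore.dev/v1beta1
kind: ClusterImagePolicy
metadata:
  name: payments-signed-images
spec:
  images:
    - glob: "registry.example.com/payments/**"
  authorities:
    - key:
        data: |
          -----BEGIN PUBLIC KEY-----
          <release cosign public key, PEM>
          -----END PUBLIC KEY-----
---
# Layer 2: Pod Security Standards. "restricted" at enforce rejects privileged
# containers, host namespaces, hostPath, added capabilities; warn/audit show drift.
apiVersion: v1
kind: Namespace
metadata:
  name: payments
  labels:
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/audit: restricted
    pod-security.kubernetes.io/warn: restricted
    policy.sigstore.dev/include: "true"   # opts the namespace into layer 1
---
# Layer 3: network. Deny both directions by default, then allow only what the
# threat model needs. Requires a CNI that enforces NetworkPolicy; otherwise
# this layer silently does not exist.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny
  namespace: payments
spec:
  podSelector: {}
  policyTypes: [Ingress, Egress]
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-allow
  namespace: payments
spec:
  podSelector:
    matchLabels: {app: api}
  policyTypes: [Ingress, Egress]
  ingress:
    - from:
        - namespaceSelector:
            matchLabels: {kubernetes.io/metadata.name: ingress-nginx}
      ports: [{protocol: TCP, port: 8080}]
  egress:
    - to:
        - podSelector:
            matchLabels: {app: db}
      ports: [{protocol: TCP, port: 5432}]
    - to:
        - namespaceSelector:
            matchLabels: {kubernetes.io/metadata.name: kube-system}
          podSelector:
            matchLabels: {k8s-app: kube-dns}
      ports: [{protocol: UDP, port: 53}]
---
# Layer 4: mTLS. Sidecars refuse plaintext; a pod that slips past layer 3
# still cannot talk to api without a mesh-issued workload identity.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: payments
spec:
  mtls:
    mode: STRICT
---
# Layer 5: RBAC. The workload's token can read one ConfigMap and nothing else,
# so a stolen service-account token does not turn into API-server access.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: api-config-reader
  namespace: payments
rules:
  - apiGroups: [""]
    resources: ["configmaps"]
    resourceNames: ["api-config"]
    verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: api-config-reader
  namespace: payments
subjects:
  - kind: ServiceAccount
    name: api
    namespace: payments
roleRef:
  kind: Role
  name: api-config-reader
  apiGroup: rbac.authorization.k8s.io
```

Apply with `kubectl apply -f`, then check each layer on its own rather than trusting the whole: `kubectl auth can-i get secrets -n payments --as=system:serviceaccount:payments:api` should answer `no`; a `kubectl run` of an unsigned image or a `privileged: true` pod in the namespace should be rejected at admission with a message naming the layer that blocked it; an exec into the api pod and a `curl` to a pod other than db should time out. A layer that cannot be shown to block something in isolation is not a layer, just YAML.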

Deepens in Year 2 Phase 12: Platform Engineering — the security half stacks 5+ layers (signing, Pod Security Standards, NetworkPolicy, mTLS, RBAC) on basecamp and reaches DEEP.

  • least-privilege — one of the layers; default-deny at each layer is what makes the stack additive, since every layer is then its own allowlist and a hole in one is not automatically mirrored in the next.
  • zero-trust-security — the identity-as-perimeter layer that makes lateral movement harder when an outer layer fails.
  • secrets-lifecycle — short-lived credentials are the layer that limits blast radius when an attacker steals one.
  • threat-modeling — how you decide which layers a given surface actually needs.
  • network-policy — the L3/L4 layer in the stack.
  • service-mesh — the mTLS + identity layer.
  • immutable-infrastructure — image signing + reproducible builds are upstream of the supply-chain layer.