Achieving defence in depth in a cloud environment

Defence in depth (DiD) is, frankly, nothing new. In fact, it's as old a concept as IT security itself. Any business that considers itself to have a mature security posture will already be applying such an approach within their enterprise security model. The question is can you apply the same thing to a cloud-centric operation? More to the point, can you afford not to? First of all let's consider what we mean by defence in depth in the first place, and for the purposes of this particular application that's simply a risk mitigation construct which employs multiple layers of control throughout the IT environment designed to slow down and protect against the inevitability of attack. In other words, if employed correctly such a strategy can prevent breach and help the enterprise respond effectively to any attack by buying time through its layered approach.