Defense in depth is one of the most important theories to a solid security architecture. Building up the network to defend against external threats makes sense, but you cannot rely on it alone. Adding layers is never a bad thing, as long as you aren’t causing those layers to deny service when it is a critical, always-on type environment. Weigh your business risks against the Web application’s purpose, as well as how it interacts with the rest of the system, its developers, and the consumer.”]
Source: https://www.darkreading.com/attacks-breaches/inside-out-security