Information protection is usually achieved through layered defence, sometimes referred to as the “onion approach”.

In the physical world, protected contents are placed inside a secure facility behind multiple control points, with access granularity at the site level, then particular zone(s) within the site, then the building, the equipment room and finally the cabinet before the target is reached.

When assets become accessible from a network, reliance on physical access controls remains, but additional controls are added for the cyber portion. The layered-protection counterparts are: network firewall, application firewall, middleware gateway, RBAC and multi-factor authentication.

The latest concept is zero trust (ZT): the user's identity (and authorized roles), the device (and platform) from which the request originates, whether it arrives via a trusted or untrusted network, the type of application raising the request, the type of content being accessed, industry compliance requirements and the latest threat intelligence are all variables in determining whether access is permitted. The same onion approach applies, with the added complexity of setting up and maintaining these dynamic parameters.
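As an added example (not code from the original post), the following Python policy engine models both the static layers listed earlier (network firewall consulting threat intelligence, application gateway, RBAC) and the dynamic zero-trust variables (device, platform, network trust, content type, MFA) as nested checks that a request must pass from the outside in. The role names, content classes, approved application list and the 203.0.113.0/24 blocklist entry are constructed values, and the risk-score weights and thresholds are assumptions chosen for illustration, not a standard.

```python
import ipaddress
from dataclasses import dataclass
from enum import Enum
from typing import Callable, FrozenSet, List, Optional, Tuple


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"
    STEP_UP = "step-up"      # allow only after additional authentication


@dataclass(frozen=True)
class AccessRequest:
    """The signals a zero-trust policy engine evaluates (constructed fields)."""
    user: str
    roles: FrozenSet[str]
    device_managed: bool      # is the device enrolled and under management?
    device_platform: str
    source_ip: str
    network_trusted: bool     # corporate LAN/VPN vs. an untrusted network
    application: str
    content_class: str        # "public" | "internal" | "confidential" | "restricted"
    mfa_completed: bool


# Constructed policy data; hypothetical values, not from the original post.
ROLE_PERMISSIONS = {
    "engineer": {"public", "internal", "confidential"},
    "auditor": {"public", "internal", "confidential", "restricted"},
    "contractor": {"public", "internal"},
}
CONTENT_RANK = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}
APPROVED_APPLICATIONS = {"doc-portal", "ticketing"}
APPROVED_PLATFORMS = {"windows", "macos", "linux"}
# Stand-in for a threat-intelligence feed: the RFC 5737 TEST-NET-3 range.
THREAT_INTEL_BLOCKLIST = [ipaddress.ip_network("203.0.113.0/24")]

Layer = Callable[[AccessRequest], Optional[str]]   # returns a deny reason or None


def network_layer(req: AccessRequest) -> Optional[str]:
    """Outermost layer: the network firewall consulting threat intelligence."""
    addr = ipaddress.ip_address(req.source_ip)
    if any(addr in net for net in THREAT_INTEL_BLOCKLIST):
        return f"source {req.source_ip} is on the threat-intel blocklist"
    return None


def application_layer(req: AccessRequest) -> Optional[str]:
    """Application firewall / middleware gateway: only approved clients pass."""
    if req.application not in APPROVED_APPLICATIONS:
        return f"application {req.application!r} is not approved"
    return None


def rbac_layer(req: AccessRequest) -> Optional[str]:
    """Role-based access control: does any of the user's roles cover the content?"""
    permitted = set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in req.roles))
    if req.content_class not in permitted:
        return f"roles {sorted(req.roles)} do not grant {req.content_class!r} content"
    return None


def risk_score(req: AccessRequest) -> int:
    """Innermost, dynamic layer: combine device, network and content signals."""
    score = 0
    if not req.device_managed:
        score += 2
    if req.device_platform not in APPROVED_PLATFORMS:
        score += 1
    if not req.network_trusted:
        score += 1
    if CONTENT_RANK[req.content_class] >= CONTENT_RANK["confidential"]:
        score += 1
    return score


LAYERS: List[Tuple[str, Layer]] = [
    ("network", network_layer),
    ("application", application_layer),
    ("rbac", rbac_layer),
]


def evaluate(req: AccessRequest) -> Tuple[Decision, List[str]]:
    """Walk the onion from the outside in; the first denying layer wins."""
    trace: List[str] = []
    for name, layer in LAYERS:
        reason = layer(req)
        if reason:
            trace.append(f"{name}: DENY ({reason})")
            return Decision.DENY, trace
        trace.append(f"{name}: pass")
    score = risk_score(req)
    trace.append(f"zero-trust risk score: {score}")
    if score >= 3:
        return Decision.DENY, trace        # too risky even with MFA
    if score >= 1 and not req.mfa_completed:
        return Decision.STEP_UP, trace     # elevated risk: demand MFA first
    return Decision.ALLOW, trace


if __name__ == "__main__":
    demo = AccessRequest("alice", frozenset({"engineer"}), True, "windows",
                         "198.51.100.10", True, "doc-portal", "confidential", True)
    decision, trace = evaluate(demo)
    print(decision.value, *trace, sep="\n  ")
```

The trace returned alongside the decision is what makes the layering auditable: a denial records which layer stopped the request and why, while an allow shows every layer that was passed and the risk score that the dynamic zero-trust evaluation assigned. Changing a single context signal (an unmanaged device, an untrusted network) is enough to move the same user and content from an allow to a step-up or a deny, which is the maintenance burden the text refers to.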
