
Less Complexity

Avoid complexity.

Complexity is the biggest evil for security. IT systems in general are extremely complex. The more layers there are, the more difficult it is to see what is going on. Adding more layers to improve security often has the reverse effect. The simplest systems have the smallest attack surface. Simplicity is your biggest friend in the security domain.

Many governments rely on commercial systems that are neither open source nor simple. This forces IT administrators into a layered building-block approach, often made up of hundreds of different systems that need to work together. Each system adds complexity, and each one needs to be maintained, reviewed for security vulnerabilities, upgraded, and so on. This is often not done properly because administrators are afraid of the impact on uptime. Most will follow the approach "if it's not broken, don't touch it". Unfortunately, in IT this is not workable: the more systems someone uses, the more vulnerabilities they contain (see risk of bugs & backdoors), and today most systems need to be upgraded on a monthly basis. Now imagine what this means for 100 interconnected systems that all need to be updated individually and keep working together: this is a nightmare to execute.