Complexity impedes Security

Complexity is the primary reason Enterprises struggle so much with security vulnerabilities. 

  • Today’s enterprises are a complex mashup of capabilities in operations and technology. Small and medium enterprises are no exception.
  • Business capabilities are both broad and deep, and are often cross-referenced in the context of an end-to-end business process.
  • Businesses are, in today’s information economy, wide open to internal and external threats. Each possible entry and exit is a potential point of vulnerability.
  • Enterprises are forced to invest in complicated security systems to monitor, control and audit access to vital assets, including information. Often the cost of securing these assets is a big operational overhead that weighs on profitability.
  • Enterprises need to constantly re-examine the need for complex systems in securing information, at each level of capability breadth and depth, for relevance and consistency.
  • Simplifying the architecture gives an opportunity to apply security where it is essential and simplify how information is supposed to be protected. 

Enterprise security simplification principles

  1. Automate. Keep cyber-physical interactions to a minimum. 
  2. Trust nothing. For example, default to white-list access control mechanisms subject to strong change management procedures.
  3. Holistic. Address end-to-end security rather than promoting silos. 
  4. Decentralize. Adopt a peer-to-peer security approach, e.g., blockchain.
  5. Proactive. Give weight to protection over convenience at design, during change and in operations.

If we, by design, employ technology for its utilitarian value, constantly evaluating it for the minimum viability that offers competitive advantage, we could avoid complexity and simplify protection.

In a follow-on to this topic I'll delve deeper into the security challenges from cyber-physical interactions.

