Complexity impedes Security
Complexity is the primary reason Enterprises struggle so much with security vulnerabilities.
- Today’s Enterprises are a complex mashup of capabilities in operations and technology. Even small and medium enterprises aren’t an exception.
- Business capabilities are both broad and deep, often cross-referenced in the context of an end-to-end business process.
- Businesses are, in today’s information economy, wide open to internal and external threats. Each possible entry and exit is a potential point of vulnerability.
- Enterprises are forced to invest in complicated security systems to monitor, control and audit access to vital assets that include information. Often the cost of securing them is a big operational overhead on profitability.
- Enterprises need to constantly re-look at the need for complex systems in securing information, at each level of the capability breadth and depth, for relevance and consistency.
- Simplifying the architecture gives an opportunity to apply security where it is essential and simplify how information is supposed to be protected.
Enterprise security simplification principles
- Automate. Keep cyber-physical interactions to a minimum.
- Trust nothing. For example, default to white-list access control mechanisms subject to strong change management procedures.
- Holistic. Address end-to-end security rather than promoting silos.
- Decentralize. Adopt a peer-to-peer security approach, e.g., Blockchain.
- Proactive. Give weight to protection over convenience at design, during change and in operations.
If we, by design, employ technology for its utilitarian value, constantly evaluating it on the minimum viability that offers competitive advantage, we could avoid complexity and simplify protection.
In a follow-on to this topic I'll delve deeper into the security challenges from cyber-physical interactions.