Complexity and Security
I have written about complexity and security for over a decade now (for example, this from 1999). Here’s the results of a survey that confirms this:
Results showed that more than half of the survey respondents from mid-sized (identified as 50-2500 employees) and enterprise organizations (identified as 2500+ employees) stated that complex policies ultimately led to a security breach, system outage or both.
Usual caveats for this sort of thing apply. The survey is only among 127 people—I can’t find data on what percentage replied. The numbers are skewed because only those that chose to reply were counted. And the results are based on self-reported replies: no way to verify them.
But still.
atsacryl • January 29, 2013 6:54 AM
^^ ^^
I think it is very true. ‘More complex a system is more likely to have fault’.
But complexity can be unusual to define. There is quite a difference between a complex house and a complex tree, between a room which is very messy, and a room which has much content but it is all tidily stored away.
Automation is helping a great deal, as well.