Security Through Complexity

I saw this picture somewhere on social media of these many locks securing the bolt.

However, upon closer inspection, you can see that by simply removing any one of the locks, you unlock the whole thing.

I hope you’ll allow me the opportunity of dragging this out into a cybersecurity analogy.

But sometimes the sheer number of products and hoops we deploy ends up looking a bit like this picture. Sure, it seems like by adding more locks you’re making the environment more secure, but they’re not doing anything effective.

To that, I hear cries of “defence in depth”, which is a term I completely agree with. All I’m saying is that the different security tools need to be offering security at different depths… if they’re all floating on the surface, then there is no depth.

We hear a lot of talk about a global recession and the possibility of security budgets being tightened, so it’s probably a good time to look through all the security tools and processes that you have in place and ask whether they are offering actual security as part of your defence-in-depth strategy, or merely adding complexity.

By removing those elements, you may end up saving a bit of money, and who knows, saving yourself a few migraines next year.