The Royal Society of Chemistry has recently published the top five solutions to the Italian Job challenge prize, which aimed to find a solution to the cliff-hanging ending of the film. More than two thousand entries were received, ranging from the simple to the sublime. Some were highly technical, based on computer-aided graphics, nuclear physics and chemistry. Others were highly imaginative, and a few were simple, practical solutions.
The learning point is that your can solve a difficult problem in many different ways with varying degrees of simplicity and practicality. Security designers should take note of that. Simple is always best. There is even a Jericho Forum principle based on that concept. Yet many of the protocols developed for networking security have been unnecessarily complex.
But designing simple solutions is not as straightforward as most people imagine. Management controls, for example, need to have the same number of states as the system they’re aiming to control. One answer is to scale up the number of states using processors, networks and storage. The other approach is to restrict the number of states in the system you’re aiming to control, through, limits, standards or classifications. Unless you do this the system you’re managing will be out of control.
Simple controls can’t control complex situations. But there’s certainly a lot more that can be done to shave off redundant layers from over-complex solutions.