In 1999, security technologist Bruce Schneier published “A Plea for Simplicity.” In the blog, he famously wrote, “You can’t secure what you don’t understand” and “the worst enemy of security is complexity.” Schneier explained that analyzing a system’s security becomes more difficult as its complexity increases. His goal was to convince the technology sector to “slow down, simplify, and try to add security.”
More than 20 years later, Schneier’s plea seems naive and even quaint. Innovation has become a force of nature; it will neither stop nor slow down. More innovation means more features, which inherently means more complexity. We all want secure systems, but no one is willing to slow the march of progress to make that happen.