Complexity is the enemy

Saturday, 31 Jan 2009

Felix von Leitner (translated from German):

Quick reality check about how deeply the IT security industry is despairing against the targeted malware problem. In this particular instance, credit card data from a payment processor (a broker between someone like “Amazon” and someone such as “Visa”) was tapped. The trojan that did this was hidden in “unallocated portions of server disk drives”. Two forensic teams brought in to investigate the problem did not find it even after it was clear that something was fishy. In the very end they spotted it because it left temporary files lying around carelessly (in other words, only because the malware author blew it).

Well, folks, that’s how it is. That’s the truth. Our business processes are running on a card house of such an extraordinary level of complexity that all of the floors can be completely rusted through and we only realise it after a visitor has fallen a few storeys through them.

And now the money quote for which I posted this:

Therefore: Professionals can be recognised by the fact that they minimise complexity. Small modules, complete isolation of modules, minimal (in number and size) interfaces. Bunglers can be recognised by the fact that they launch Visio when they plan their project.