1. 14

  2. 5

    This is serious food for thought for anybody who has endorsed zero-trust or capability-oriented designs, including myself. We’ve generally advocated for structure within organizations, running Conway’s Law in reverse in order to derive security boundaries from organizational boundaries. However, the cost of this shift is real, and we know from Brooks’ Law that it is a quadratic cost. Therefore, a version of Coase’s logic does apply, and this helps explain e.g. the popularity of SSO within organizations.

    1. 3

      Thanks! Agreed. And in the worst case there are instances where systems begin verging on exponential complexity – not quite yet fully factorial in terms of interactions, but where you have a zero-trust provider, a cloud infra provider, some third SaaS provider with API key-based auth, and the main organization (which itself may have multiple sub-units). Just reasoning about it becomes challenging, let alone building a system, keeping it working and secure, and keeping costs down.

    2. 2

      Very nice exploration of the microeconomics of cloud systems. But the Coasian argument is very general, so a deeper exploration of the specific transaction costs would be a good addition. The transaction costs can be of varied sorts, and motivate specific developments in software and business. One excellent text is Hal Varian’s, and it analyzes many, many issues from IT in the 90s and could very well be updated.

      1. 2

        ‘tacit knowledge’, thanks for the term!