How does diversity bring more security?

Imagine a neighborhood where all the door locks come from the same manufacturer. Once the bad guys learn how to break one lock, they’ll be able to break every lock in that neighborhood. (Hey that looks like most condos in Vancouver!)

Now if half of those locks came from two different manufacturers, that means the thieves have to learn two different ways to break those locks. Now imagine if different door locks were using five, six, or seven different technologies, eventually it would be much more difficult for the thieves to rob the entire neighborhood, even though they could still cause partial damage. Partial damage is always better than having the entire neighborhood exposed to the break-in threats.

The same analogy can be used in other ways, for example houses come in different shapes and forms so thieves have to come up with different plans or use different types of ladders to climb up and break-into those houses. Using different material to build houses possibly introduces further challenges too.

In nature, genetic diversity makes us more immune to viruses, bacteria, and changes in the environment. If all the human race or all the cats had the identical genetic makeup, the first fatal virus would have wiped off the entire species of human or cats. On the other hand a diverse genetic pool ensures that only a portion of a population can be affected by the fatal virus. As a matter of fact, the more diverse a gene pool becomes, the higher those species have a chance to survive. That is exactly why we have sexual reproduction in nature, to make sure that new combinations of genes are constantly introduced to our ecosystem.

This is why cloning in large scale is also not such a wise idea. Imagine losing your entire crop over a fatal virus, versus having only a small portion of your crop dying as a result of a new disease. That determines whether we have enough food to eat and survive

Security of a diverse system is quite universal, therefore it also applies to the computer networks too!

If most people use the same operating system, same browser, same encryption algorithm, or the same online service a larger number of them are likely to be compromised by security attacks. Because it is relatively more difficult to write a virus that could infect different types of operating systems or even spread around.

Likewise there is often more work involved in cracking different types of security walls used in online services. That means using unified technologies, or products offered only by one or two companies isn’t the best choice. In other words, a company’s large market share is in fact a type of security threat itself.