Complexity is the enemy of security.
I always emphasize that point in the app sec domain when we have those two adjacent slides showing the old system/application environment, and the new. I also point out that the “new” is now rather old. When trying to update that slide I came up with eleven different levels without half trying. Then, of course, you have to add bi-directional arrows between all adjacent components, and between all components on a given level, and between most components on adjacent levels. Gets convoluted real fast.
Went to a real-time/component trade show recently, and was talking to some people who did embedded systems. One of their promotional handouts shows a model that has six layers. (And, of course, you have to add bi-directional arrows between all adjacent components, etc.) And that’s just for “simple” embedded devices.
We seem to have lost the KISS battle a long time ago. I guess now we have to try for KIASAPS (Keep It As Simple As Possible, Stupid).