Chapter 34: The Loading Bay
The majority of companies focus all their security on the most obvious areas they think should be protected. I can promise that most security budgets go toward the main entrance of a company's site: 90% of the clients I interact with have very strong defenses on the outside and somewhere between OK and none on the inside. Multibillion-dollar companies are the same; in fact, the more money a company has, the less security is generally found inside.
The trouble is, there are many ways to enter a site or building. Security is like an onion: it consists of many layers, and each layer offers different protections. You cannot rely on a single security control, because it is likely that at some point one or more security controls will be breached or bypassed. Then the other layers must be able to resist the attack. You wouldn't jump out of an airplane with only one parachute—you always have a reserve, just like security!
Even when clients have put in some effort before I'm involved, it is clear there is still a misunderstanding about security. I've frequently gained access to a “secure” site by not using the front door.
Whenever I look at a building for the first time, I think about its use and who is going in and out daily. Whether using a digital system or a physical one, we could theoretically create a perfectly secure version of the building; the downside is that it would be unusable. These buildings (and their security systems) are designed to be used, ...