I just had a brief discussion with a dev co-worker and we discussed this very topic. We also provided some examples showing that no matter what policies are in place, security is only as good as the people who are responsible for enforcing it. At some point, you just have to trust your people. That said, let's move on to example numero uno.
My co-worker used to work for the Department of Defense as a contractor (no, not him). Passwords were given to him in a vault and he was made to memorize them (as opposed to simply writing them on paper), all the while being watched by a government official whose job it was to ensure that no written record of the passwords existed. On the surface, my friend complied. He remembered the passwords all right... just long enough to write them down, though (when no one was looking, of course).
The same employee at the same job was also to be watched by a government official as he worked to make sure data was not "misused." Believe it or not, even government officials are human. At some point they too take breaks, go to lunch, become friendly, and even gain your trust. Simply put, the opportunity will arise to compromise security because people are human.
For years I worked at the SolarWinds headquarters in Austin, TX. Part of my daily routine was to download a podcast via BitTorrent over the Wi-Fi connection straight to my phone. This past August, I moved to the Salt Lake City office and quickly realized they plugged the torrent hole in the firewall here. How would I get my show onto my phone? Oh, the perils of security! Puh-lease. All I did was RDP into my laptop, download my show there, then put it in my Dropbox. Presto! Five minutes later I was enjoying the show.
Like I said earlier, "...security is only as good as the people who are responsible for enforcing it. At some point, you just have to trust your people." If you don't trust those around you, you may have bigger issues that need addressing. That's just my 2¢.
Do you have an example?
If you do, tell me about it in the comment section below. Now if you'll excuse me, I need to find some black tape to put over my webcam.