Don't they have random searches? when I went to HMGCC for an interview (at Hanslope Park) a couple of years back there was a sign up saying that you could be searched on entry and exit.
Ever hear a plastic Wal-Mart shopping bag referred to as a "cloaking device"? Also, in some places, items that are banned when referred to by their proper names are allowed when they are instead called "contractor equipment".
The problem is that the level of control required for actual security prevents people from being able to do their jobs effectively. And if no one can get anything done, there's nothing to secure. So this leads to an environment where everything is oversecured by default, and bypassing the nominal level of security is simple, easy, and commonplace--sometimes even expected.
For instance, you don't have local administrator access on your workstation. But you have Visual Studio and its debugger, and can compile and run any source you can type in. You also have physical access to the machine, with its 5.25" removable-media drive. It becomes faster and easier to reimplement an unzip utility from a printed spec than to get 7zip installed on your machine. And the hand-rolled utility probably has a larger exposed attack surface than the open source program.
not where I work. Also, random could mean once every 10 years. I use a laptop and take it home every night. Unless they banned users from taking everything with them (phones keychains etc) there's not much a random search would accomplish.
Indeed. I worked in a secure environment for about 4-5 years, and we couldn't bring our cellphone (of any type) or any other electronics/storage devices/etc. into work. In fact, while working there I had surgery that required me to lug around a medical device 24/7 for a while. And because the device had an exposed USB port, I wasn't allowed to return to work until after I no longer needed it. That took roughly 1 month.
well we don't even work onsite. I write my code on my company laptop. Test against a sanitized database on my companies network and whatnot. Then commit to my companies source control. Then I pickup my government issued locked down laptop, vpn in, remote desktop to the server across the US and svn-update.
I am not dealing with TS stuff here. There are files on the government network which are confidential and having access does require a clearance, but I don't actually work with confidential data directly.
Apple are well known for being ridiculously paranoid about products being leaked before their announcement, so much so that at one point they put eye-height frosting (not the cake type) on the glass walls to stop people accidentally looking in to the factory floor.
My bag was checked once in the 5 weeks I worked there - on the way in. The passwords I created for their new servers (containing metrics from the factory's build and test processes) was at one point walking around Cork in their admin's wallet. I used my own laptop (because OSX bleugh) plugged straight into their corporate lan.
But they did have a room which was out of bounds.
Nobody gets security right, however "high security" they think they are.
Oh and let's not get started on what the MoD thinks it's achieving in its immigration office.
The problem is that the level of control required for actual security prevents people from being able to do their jobs effectively. And if no one can get anything done, there's nothing to secure. So this leads to an environment where everything is oversecured by default, and bypassing the nominal level of security is simple, easy, and commonplace--sometimes even expected.
For instance, you don't have local administrator access on your workstation. But you have Visual Studio and its debugger, and can compile and run any source you can type in. You also have physical access to the machine, with its 5.25" removable-media drive. It becomes faster and easier to reimplement an unzip utility from a printed spec than to get 7zip installed on your machine. And the hand-rolled utility probably has a larger exposed attack surface than the open source program.