[duxup]

Yeah I had a similar experience in terms of security being strong in one place. .. and non existant (as I describe) elsewhere.

Some of our customers did have pretty strong proesses in some places... but then zero when a process changes or something like that.

Lots of: "Oh no we can't do that because <security>".

Ok makes sense. It's a hassle but it is a good policy.

"But you can..."

All sense out the window, everything is undone.

[Zenst]

It's a tale that plays out in many forms. In the early 80's I worked for a goverment entity and had tough physical security to enter the building - however, monthly fire drill would see this large building empty onto the open carpark that was easily accessible as no perimeter fence and with that and the aspect that when re entering the building after the fire-drill, there was always one fire door open to circumvent the bottleneck at reception and with that - no security checks then.

Though many instances of weak links in process due to human nature that get overlooked and only come to light once there is an incident.

Which is the crux, incidents cause things to change, yet if you see that potential flaw the gravatas you have in flagging that issues is often dismissed because it hasn't happened. That is sadly often a pattern we see play out time and time again in many forms.

[murph-almighty]

Literally yesterday we had an issue with someone trying to piggyback into the office behind an employee who had badged in. Said person was intoxicated and removed his pants in the elevator, so it was immediately apparent there was a problem, but what happens when it's someone more nondescript?

[grimjack00]

About two years after my company was bought by a larger one, I was the first person at the office one morning, only to find someone waiting outside the doors. Before I could ask, he introduced himself as an employee from an out-of-town office, and produced a company ID, so I let him in with me.

We had been told to expect some visitors from that office, but I was almost hoping he was not legit, since most of us at my location still do not have a company ID, so I couldn't really say if his was real or not.