Peter Cochrane's Blog: So you think you've got security nailed down?

Why security is literally an open-and-shut case...

Image: iris scanner. Organisations focus attention and money on clever security but then go and leave the back door open. Photo: Shutterstock

Written in Bangkok and dispatched to via a domestic wi-fi hotspot at 3.5Mbps later the same day.

You wouldn't bolt and secure your front door but leave the back door and windows open, would you? Of course you wouldn't. Yet that seems to be exactly what organisations do with their data security.

Many years ago I audited the security systems of an organisation that I knew was no slouch technically and which was well organised and managed. My initial concern was whether I would find anything to report at all. Would I even be able to get through the organisation's defences?

The front entrance of the campus was well guarded with a defined reception and holding area. Visitors were issued badges with red stripes while employees had plain blue badges of exactly the same design. All visitors were escorted and had to be accompanied at all times.

On one of my earlier visits I had innocently walked out without handing in my visitor badge. There had been no follow-up. So an hour on Photoshop turned me into the proud owner of an employee badge in plain blue complete with my photograph and fictitious employee number.

So I started my next visit by driving around the back of the site. Within minutes I had located an unguarded entrance. I walked in and made my way around the campus carrying a pack of papers under my arm. My walk was not casual - it was purposeful, as if I were a man on a mission.

Within 15 minutes I had made a lucky find...