top | item 47138606

(no title)

There is nothing here that really tells us the turnstile was security theatre? Or the various key card swipes.

There are many ways to skin a cat; and there are many ways to ensure authenticated / trusted access. If you have site wide security gates, it means you know everyone on site / on a given floor conforms to a given minimal security or trust level, so now you can conduct operations in that area with more freedom. This makes the risk assessments for other actions so much simpler. e.g. Now when the apprentice IT tech leaves the SLT's laptop trolley in the corridor it doesn't trigger a reflash of all of the machines. Or when a key individual misplaces their keyfob (e.g. in the kitchen) it doesn't trigger a lockdown of core systems, because they had it on the way in and its reasonable to trust that nobody stole it.

Obviously the implementation was botched in this case - but "feel secure" and "security theatre" are right as often as they are wrong.

discuss

mikeryan|5 days ago

It also doesn’t describe any of the why the additional security measures were put in place. It sounds arbitrary, but could be an insurance or regulatory requirement that the acquiring company needed to meet. Similar for the login issue, it’s suboptimal but what constraints caused that solution to be put in place? And why wasn’t it fixed?

Sans context there’s not a lot to complain about here.

kuhaku22|5 days ago

> Obviously the implementation was botched in this case

The long wait times could easily have been fixed by staggering employee start times. You could even optimize it per building/floor. Sadly, a lot of bureaucrats lack the imagination to do simple stuff like this. (Anyone with a desperate need to have 9 am meetings would just have to suck it up)

mystifyingpoi|5 days ago

> staggering employee start times

Immediately reminds me of Severance.

formerly_proven|5 days ago

Card readers in elevators are theater though. You would need separate vestibules to actually secure entry via elevator. That’s why most buildings have those.

XorNot|5 days ago

Are they? The goal isn't to draw a hard boundary it's to create layered defenses which increase the difficulty and reduce opportunity.

If instead of open access you need to tailgate on a limited set of employees, that increases difficulty considerably and makes the opportunity much less common.

Real security analysis works this way: you don't assume you can build a wall which is never breached.