We just came back from a two-week vacation in Europe; the last 3 days were spent in Florence, Italy. I say this not to make you jealous, but because the very nice boutique hotel (in a 1000-year-old building) was a great example of a security principle that I speak about extensively: Match the security to the value of the objects or data being secured.
We checked into the hotel and were given a room key, not the electronic card that most American hotels are using, but an actual key. And not a modern key, but a skeleton key.
This kind of matched the charm of the hotel and did indeed open the door to our room. Later that day, my brother and his wife checked into the same hotel (we often travel together) and when we met later, I happened to look at his room key. I was a little surprised to see that it was exactly the same key as mine, and we verified this by opening his room with my key.
Later that day, I went to the front desk to find out how to log into the free WiFi that came with the room. The desk attendant said “no problem, let me create an ID for you” – I had expected them to just give me the password to the portal. He sat down at the computer and started typing; some time later, he handed me a sheet of paper with a unique 8-digit ID and 8-digit password. My wife got her own ID and password.
Now, back to my security principle – I would prefer that the security of my stuff (room contents) be treated with a higher level of security than my login to the wireless network, but I guess that this is just the result of my confused American security thinking.
I see this wrong sizing of security often when a “one size fits all” solution is being applied. Making people jump through security hoops for non-critical issues, in my opinion, weakens the overall security of the organization – in a world where everything is marked “Urgent,” nothing is urgent.
When designing a security solution, make sure that you fully understand what you are trying to protect and that you are not using the skeleton key to protect the crown jewels.