During his acceptance speech for the 1964 Republican presidential nomination, Barry Goldwater proclaimed "…extremism in the defense of liberty is no vice." As a supporter of a strong defense during a time when the Vietnam peace movement was gathering momentum, Goldwater was portrayed as an extremist by his political rivals. Even though this image of a hawkish warmonger would be used to the Democrats' advantage during the presidential campaign, Goldwater stood by his principles.
In hindsight, Goldwater was not the extremist he was portrayed to be, and his views were not radically different from those held by many "moderates" today. What is considered extreme in one era may turn out to be the norm of another. And this may be the case with those who have what some would call an extremist view of data security.
I recently helped my son-in-law redesign the Web site for a small community business. As part of the redesign, the client asked for the addition of "online scheduling." Developing such an application involved specific programming skills that we did not have, so after some research I found multiple companies that offered this feature as a hosted service that could be embedded into the Web site. The client would have the additional administrative functions needed to manage and maintain the calendar.
When I met with the client to review the various offerings I was immediately confronted with concerns about security, compliance, control and access. Even though each service had the necessary policies in place to meet most corporate concerns – and had companies already using their offering – the client did not feel they were secure enough.
As we reviewed the objections further, it became apparent the client had what some would call an "extremist" view of security. Every office PC was attached to its desk by a locked cable to protect against physical theft. Multiple passwords from start-up to application were used and changed monthly. Servers were turned off every night at closing time to ensure no one could access the data after hours. Even though the office was located in a complex that offered secured Internet access, the client chose to install his own Internet connection and firewalls, which were turned off overnight and during the weekends. He did not allow the use of any wireless connectivity, and any type of remote access was forbidden.
As for online scheduling, the idea of the customer being able to make an actual entry into a schedule that was maintained by a third party was totally contrary to his views. What he wanted was just the ability to display available time slots. His customers could request a time via an e-mail form; but the appointment would not be confirmed until he read the e-mails and updated the calendar manually.
During our conversation I started to understand his rationale. As a healthcare provider he needed to ensure HIPAA compliance, but more important than the regulatory requirements were his feelings about the trust his patients placed in him to keep any and all information confidential – which to him included appointment scheduling information. This "sacred trust" was more important than any technology, and the security measures were his way of protecting his patients' data.