During his acceptance speech for the 1964 Republican presidential nomination, Barry Goldwater proclaimed "…extremism in the defense of liberty is no vice." As a supporter of a strong defense during a time when the Vietnam peace movement was gathering momentum, Goldwater was portrayed as an extremist by his political rivals. Even though this image of a hawkish warmonger would be used to the Democrat's advantage during the presidential campaign, Goldwater stood by his principles.

Looking back in hindsight Goldwater was not the extremist he was portrayed to be and his views were not radically different from those held by many "moderates" today. What is considered extreme in one era may turn out to be the norm of another. And this may be the case with those who have what some would call an extremist view of data security.

I recently helped my son-in-law redesign the Web site for a small community business. As part of the redesign, the client asked for the addition of "online scheduling." Developing such an application involved specific programming skills that we did not have, so after some research I found multiple companies that offered this feature as a hosted service that could be imbedded into the Web site. The client would have the additional administrative functions needed to manage and maintain the calendar.

When I met with the client to review the various offerings I was immediately confronted with concerns about security, compliance, control and access. Even though each service had the necessary policies in place to meet most corporate concerns – and had companies already using their offering – the client did not feel they were secure enough.

As we reviewed the objections further it became apparent the client had what some would call an "extremist" view of security. Every office PC was attached to its desk by a locked cable to protect against physical theft. Multiple passwords from start-up to application were used and changed monthly. Servers were turned off every night at closing time to insure no one could access the data after hours. Even though the office was located in a complex that offered secured Internet access, the client chose to install his own Internet connection and firewalls, which were turned off overnight and during the weekends. He did not allow the use of any wireless connectivity, and any type of remote access was forbidden.