I used to work at Exodus (my story here), which became Cable and Wireless, which is now Savvis. Back in the first web boom Exodus was a high-flying web host for premier brands. We had the top web brands, ya know: Yahoo, Weather Channel, eBay, Pets.com, and a ton of porn sites (little-known secret).
We emphasized uptime, fat pipe, and hardened security, both digital and physical. As a result, we installed countless devices, from palm bioreaders to ‘man traps’ that would trap someone in a tube if their exiting weight was greater than their entering weight.
I recently found out during one of my lab days (a full-day evaluation of a vendor, including scenario testing) with community platform vendors that some brands are putting them to the test when it comes to security.
This one particular community platform vendor was being evaluated by a large Fortune 1000 company that was very concerned about security. As a result, they tried to break into the building where the servers were, the colocation center. They tried various tactics, from manipulation and giving excuses to get in, to looking for unlocked doors.
On a related note, one of the vendor employees told me about his experience where he saw that an air conditioning unit was plugged into the outside of the colo, which he unplugged, and it stopped functioning. I guess the system was not redundant with backup fail-safes.
Given that our personal data is all over the web in Facebook, LinkedIn, Google Docs, Peoplesoft, Siebel, SalesForce, and your bank, what have you done to test the security and ensure the physical realm is secure? Not much, I’ll bet; we just rely on blind faith as users in many cases to ensure we’re protected. I trust my bank (but cannot confirm) that my data is truly safe.