"Good morning," said Florian, an unshaven twentysomething in need of a haircut, as he approached the security desk outside of the hospital's datacenter. Sporting a tame metal T-shirt and bleached blue-jeans, he could have easily passed as a hippie. Or as a quintessential IT worker from the dot-com-era. The security guard looked up from his newspaper to see what Florian wanted: "I'm here to pick up the PRDSEC08 server."
The data center that Florian stood outside of housed all of the hospital's electronic records. We're talking employee data, payroll data, operations data, and most importantly, patient data. Ever since the passage of that ominous body of patient privacy regulation known as HIPAA, hospitals have been extra careful to ensure that patient records are physically and electronically secure. While the hospital that Florian was at did not create an impregnable fortress accessible only through a series of twenty-ton blast doors, they were very serious about data center security: hardened steel locks, security cameras, card readers, and round-the-clock security personnel monitoring the area.
Generally, it's a bit tricky for unauthorized personnel to gain access to the inner sanctum of a datacenter. I'd rather not divulge exactly how it's done, though I will say that it involves a grappling hook, an electronics scrambler, a hacking device (you know, the ones that have an LCD screen, plug into any type of passcode-protected device, and quickly flip through every possible code until they find the right one), a stealth cloak, and some black spandex to backflip between security lasers and beat up security robots. Florian, however, discovered a slightly easier way in.
Standing there, he heard a cheerful voice from behind the desk, "Sure! I'll show you where the servers are."
Without checking identification, calling someone for verification, or even asking why some underdressed guy might want a server, the security guard led Florian through the datacenter and located the PRDSEC08 server. He was even kind enough to power down, unplug, and pack up the server.
Sure, the exchange wasn't quite in HIPAA compliance, but at least Florian got what he needed without much of a hassle. And thankfully, all he needed was that server so that his company could install, ironically, specialized security software for monitoring network usage.