Bruce Schneier frequently talks about 'security theatre' or the illusion of security. I saw the perfect example the other day when visiting a secure datacentre's co-lo. Visitors are required to sign in with a receptionist who is sitting behind bullet resistant glass behind bullet resistant doors. Having verified who you are they take you to the co-lo, through a door with swipe card access which must be closed before using the hand print scanner and a pin to open the next door in a kind of airlock setup. "Wow, this must be a secure datacentre" you think, until you realise that at the other end of the lobby from the first door with the swipe card access is another door, still with swipe card access but no pin or biometrics, that gives you access to the exact same datacentre. I'll give you one guess which door the staff use.