Berms for Information Privacy

We like to believe our berms keep prying and accidental eyes out of our information yard. Our yard is where we locate our personal information and the berm is a way to separate those who are allowed in (through the front gate) from those who we want to keep outside. When they knock on the door, we may choose to allow someone in (briefly). And we like to believe unless they enter through the front gate, they cannot see or cross over the berm.

A berm is simply a raised stretch of ground, blocking off one side of land from the other. I see them around golf courses and residences, to block view of and from the road into the course or property. The berm acts as a sight-block only. Someone on foot is capable of climbing up and over the berm into the other side, barring additional barriers such as a fence or guard dog.

As I was driving parallel to a berm between the road and a golf course, I thought about how ineffective berms are for blocking access to the golf course. The designers and constructors of the berm know it is not a secure wall, but rather a visual deterrent. What about the golfers? Do they think the berm shuts off access to the course for all except members who begin their game at the club house? They must observe people and animals sauntering onto the course from the other side of a berm and admit the berm is not present for security reasons.

In a similar way, we pile up physical and technological berms along the edge of our information assets. It may be something as simple as a physical cubicle wall between our computer screen and the adjacent co-worker. Passwords are another example of a barrier which provides a modicum of security (depending on many factors including the robustness of the password). Security is a big deal; some of the berms we build (or trust someone else to build on our behalf) are intended to be walls. Yet, even walls succumb to brute force, scaling, tunneling, and poor construction.