Taking a New Look at Security

When the National Security Agency comes out and says "there's no such thing as 'secure' any more...we have to build our systems on the assumption that adversaries will get in", it should make you stop and think for a moment.

If the NSA cannot completely secure their network, then what hope does your average network administrator have with a fraction of the budget and manpower? Are those firewall rules, password policies, and security updates just pissing into the wind?

Hopefully not, but it is interesting to consider a security design around the premise that your systems are compromised, that each user is or could be malicious, and that your network is as open as the wi-fi at Starbucks.