Volker Schwaberow
Volker Schwaberow
The Door Wedge Is A Lesson in Cybersecurity

The Door Wedge Is A Lesson in Cybersecurity

Volker Schwaberow Volker Schwaberow
February 10, 2025
5 min read
Cybersecurity Risk Management Security Awareness Policies Workarounds Vulnerabilities
Next Post A Lexer And Parser For A Simple Language
Previous Post When TLS Is Not Enough
Table of Contents

The Door Wedge Is A Lesson in Cybersecurity

You’ve probably seen the door wedge if you’ve spent time in an office. It’s a small, unassuming object, easily ignored unless you stumble across it—literally or figuratively. But look closer, and you’ll find it holds a deeper lesson about balancing rules and reality, security and convenience.

Picture this: you’re walking into your office, coffee in hand, and there it is, a fire door, propped open with a wedge. That door has a clear purpose: to stay shut, slow the spread of fire, and protect lives. But today, it’s been conscripted for convenience, holding the door open for deliveries or saving someone from repeatedly reopening it. It’s a quick fix—practical in the moment but undeniably at odds with the rules.

The wedge isn’t inherently bad. In some scenarios, finding a workaround to meet immediate needs is necessary. But left unchecked, it’s a vulnerability waiting to be exploited. The real problem isn’t the wedge itself; it’s the lack of clarity around its use. When is this workaround acceptable? Who decides? And what safeguards are in place to mitigate the risks it introduces?

The Door Wedge in Cybersecurity

In Cybersecurity, “door wedges” appear in countless forms. I remember one incident vividly: a network outage had paralyzed operations, and under immense pressure to restore services, the IT team disabled a firewall. It worked. The systems came back online, and the crisis was averted. But the vulnerabilities introduced during that brief workaround lingered for weeks, unnoticed and unaddressed, until they were eventually exploited.

These digital “door wedges” are everywhere: temporarily disabling multifactor authentication because it’s inconvenient, sharing admin credentials via email to speed up a project, or using unauthorized cloud services because the approved ones are clunky. These actions aren’t driven by malice. They’re attempts to solve immediate problems. However, without compensating measures or clear oversight, they create cracks in an organization’s defenses that can be exploited long after the shortcut is forgotten.

Implications for Information Security Management

Information Security Management Systems (ISMS) are designed to provide structure and consistency in the chaos of modern operations. They establish protocols to protect against threats. But, much like fire door policies, they often clash with the day-to-day realities of running a business. Workarounds, like door wedges, are inevitable. The challenge isn’t to eliminate them entirely—it’s to manage them thoughtfully. Organizations can do this by:

  • Creating clear guidelines for when and how exceptions are permitted.
  • Encouraging open communication about workarounds to ensure transparency.
  • Establishing compensating controls to mitigate risks.

And of course, the most important: Escalation and Exception Management. Communicate to the right stakeholders when a workaround is necessary, and ensure that the workaround is documented, reviewed, and also handled with actions in a timely manner.

For example, if a fire door must remain open for deliveries, assign someone to monitor the area and ensure it’s closed immediately afterward. If multifactor authentication needs to be disabled temporarily, implement enhanced logging to track all activity during that period. These measures bridge the gap between rigid rules and operational flexibility.

The Importance of Awareness

Security is about more than policies or technology. It’s about people. Employees need more than a rulebook—they need to understand the reasoning behind the rules. When they grasp the “why,” they’re far more likely to comply or seek advice before bypassing security measures. Take multifactor authentication as an example. Employees who understand it’s a critical barrier against unauthorized access are less likely to disable it because it feels cumbersome. When they recognize the risks of sharing passwords, they’re more inclined to handle credentials responsibly. Education transforms security from an imposed burden into a shared responsibility.

Closing the Loop

The door wedge may be a small object but holds big lessons. It represents the tension between security and practicality and underscores how well-intentioned shortcuts can lead to unintended consequences. Temporary workarounds will always exist, but they don’t have to undermine security. By promoting the culture of transparency, accountability, and adaptability, organizations can ensure that the building remains secure even when the door is propped open.

Ultimately, security isn’t about enforcing rules for the sake of rules. It’s about cultivating a mindset that values thoughtful decision-making and calculated trade-offs. Don’t just step over a door wedge the next time you see one. Ask yourself: What does it represent in your organization? Are the “door wedges” handled thoughtfully, or are they hidden vulnerabilities? Identifying these subtle cracks and preaching them proactively could mean the difference between a robust security posture and a preventable breach.

Next Post A Lexer And Parser For A Simple Language
Previous Post When TLS Is Not Enough