"There is nothing (nothing!), more important to information security than the people who use the systems and administer the systems. There is no technology you can deploy that cannot be circumvented by either a user making a mistake, or an admin taking a shortcut. "