Tuesday's shooting at YouTube headquarters has highlighted the vulnerabilities in workplace security -- especially in the open campus model often favored by Silicon Valley tech companies.
Interested in YouTube shooting?Add YouTube shooting as an interest to stay up to date on the latest YouTube shooting news, video, and analysis from ABC News.
Open work spaces
"There are some companies, particularly in the tech sector, that try to create a work environment that's open, that's more relaxed," said John Cohen, an ABC News contributor and former U.S. counterterrorism coordinator for the Department of Homeland Security. "The whole idea is that in addition to the stressful work that employees are involved in every day, that there are parts of the environment that's meant to be conducive to relaxation."
"Most companies have embraced security protocols that restrict access" to these open campuses, Cohen told ABC News. However "once you're in the campus, they're designed to be free and open spaces because that's conducive to the type of environment they want to have in place to foster creativity and productivity."
"The problem is, from a security perspective, the more open, the more that an individual can move around and come into contact with other people, the easier it is for an attacker to operate in that environment, as well," Cohen said.
With open work spaces, employees "aren't in self-contained offices with doors that can lock -- they're instead in these huge rooms. There may be controlled access to get into that work space," Cohen said, but "that controlled access can be bypassed by someone who is really committed to do it." And once you get inside the open space, there is "tremendous accessibility," he added.
An attack at YouTube headquarters
Suspect Nasim Aghdam, 39, stormed the Northern California YouTube campus at lunchtime on Tuesday armed with a handgun, police say, causing terrified employees to run for their lives or barricade themselves inside rooms.
Four people were hurt in the bloodshed: three from gunshot wounds and one with an ankle injury from running from the scene.
Aghdam, who killed herself at the building, was a prolific YouTube user who was "upset" with the YouTube's "policies and practices," authorities said.
It appears Aghdam had parked her car behind a neighboring business and accessed the Youtube campus from a parking garage, police said. The parking garage has pedestrian doors to open areas at the YouTube campus, police said.
In the wake of the shooting, San Bruno Police Chief Ed Barberini said officers have "trained with YouTube regarding critical incidents."
"There is security on site," Barberini told reporters today. "We just have to figure out the area where she entered, what level of security existed at that point."
The Silicon Valley open campus trend
The Silicon Valley is unique in that it is peppered with big-name tech companies with wide open campuses meant to be a relaxing environment for their employees.
Some Silicon Valley companies are reluctant to talk about the open campus security issues in the wake of Tuesday’s shooting. But the YouTube attack does have some companies reviewing security procedures.
Google, YouTube's parent company, said in a statement that it is reviewing the events of Tuesday and taking action worldwide.
An update from YouTube. pic.twitter.com/HG4LgCupRi— Google Communications (@Google_Comms) April 4, 2018
Facebook said in a statement, "The safety of our employees is paramount. We work every day to maintain a safe and secure environment for our community."
A Twitter representative said the company has security teams in place and that its systems are always evolving to try to assure employee safety.
A representative for Apple did not immediately respond to ABC News' request for comment.
Chief Barberini said, "From a law enforcement perspective we’re always advocating for heightened security."
"I know we might measure that with people having to operate a business," Barberini said, "so, I guess from a law enforcement perspective it’s just a little biased. We’re always looking for opportunities to harden targets or making environments as safe as possible for folks that work there."
The evolution of workplace security
Workplace security goes beyond open campuses and has evolved over time.
Before 9/11, "Security was generally seen as a cost and it was not typically a priority for the business leadership," said Cohen.
"After 9/11 there was growing recognition among security professionals that more needed to be done to secure private businesses," Cohen added.
However, Cohen said, "There was always sort of a conflict -- security professionals who wanted to secure locations ... and business leaders from those corporate entities who were concerned about the perception that oversecuritization [like physical security personnel and building upgrades] might create." And it was still seen as a "cost on the balance sheet," he added.
Now, business leaders are increasingly recognizing the damage to their brand should a successful attack take place at one of their facilities, Cohen said.
"We're beginning to see those same business leaders come to understand that creating a safe environment for the workers and for visitors not only can enhance your brand but can make people more comfortable and more productive," Cohen said.
The current state of workplace security
To Cohen, the main security threat for businesses right now is an individual with a vendetta against an employee or company gaining access to the building and then using a knife or gun to target employees.
Cohen said the two key places where business professionals should focus their attention are: controlling access to the building and then controlling access to the interior of the building or campus.
And as business leaders address the security points, they must also communicate with their employees, finding the delicate balance of not creating a fearful environment or negatively impacting productivity, but still making the employees prepared through tools like active shooter training and online classes.
To Cohen, not investing in security may be "short-sighted" because a successful attack could dramatically undermine the company by: impacting the brand, hurting the ability to bring in employees and interrupting the ability to conduct business and generate revenue.
"Not every company is going to have the resources to hire security intelligence analysts," Cohen said, "but in this current threat environment, every company has to have some awareness into these security issues and they have to factor that into their business planning."