Security is an interesting thought experiment. Again a post, but now for those whose paranoia level actually went through the roof.
Nothing provides security better than hardware. You can place all your trust in 'capabilities,' and 'prime number factorizations,' but any black-hat OS programmer will happily code around those with a one-liner. A separate ring of company machines with a good hardware firewall gives good protection, like the set-up of the previous post. But you can tunnel through X11, I even have the software on my machine to do that. Of course, for a startup, nothing then of course beats just having the machines with your assets just unconnected to the outside world.
Question is: What would break that? You would need to exploit the fact that some machines have wireless access, which could be done, given any of the two following Trojan horses. One, your OS cannot be trusted, there are means to exploit the hardware through kernel drivers. Two, your hardware cannot be trusted, there are means to access the hardware through exploits.
One is easy, it would assume some hacker on some module providing Internet access through slightly modified kernel drivers. I would say I'll give it a probability of around 40-70% that some modules have hacks.
For two, you'll need a total different level of paranoia. Internet connectivity is one thing, but what about Bluetooth? Ad-hoc gossiping networks can be implemented in a few hundred lines of assembly, add code-division multiplexing into the mix, and you end up with a hack almost no-one can detect. [1]
Who would do the latter? You need a plot where say the CIA works together with Intel 'for the common good.' Unlikely, yes, or given 9/11, maybe. Impossible, no.
What can you do? Walk around with a soldering iron is an option. Build a big cage around your servers is another one. Live in a hole a hundred feet in the dirt with your own electrical supply and feed of worms, a bit over the top I guess. But then, the latter is exactly what banks in the Netherlands do, except for the worms, of course.
[1] You could do this hack on the firmware/OS level too. The hack would be quite trivial, given enough access to hardware/firmware implementations. It basically involves gossiping around a new part of the OS through ad-hoc Bluetooth, or one square mm CIA-owned Intel transistors.
Of course, to some people the idea might seem preposterous, I don't believe it to be true too. But, when looking at possibilities, yes, in sensor networks they are now aiming at one cubic mm nodes, and a radio receiver on an Intel die would be like fitting a shoe into a baseball stadium.
Gave up on kernel modules like e100, Bluetooth, and Hamming Radio.
Extra: Welcome to our brave new 'interconnected' world. In all honesty, its far fetched, but the mere fact that a phone works inside a bank, should be assessed as a liability in the coming decades. On the flip-side, when it comes to exploits and Trojan horses, I didn't even start yet.