Friday, August 23, 2013

Security... A Submarine at the Bottom of the Ocean.

I find myself now working for one of those monolith companies with connections to every other buzzword monolith company you can think of (Google, Apple, Amazon, etc.) and even organizations like the NSA and cabinet-level positions within the executive branch of our federal government. We have some of the most high-profile talent in the world working within every department of our organization. We even have a former spook heading up security, but unfortunately this does not mean we have the best and the brightest.

Anyone with enough resources can make almost any system impenetrable: load a computer running SELinux with all your company secrets, put it on a submarine, sink it to the bottom of the ocean, and use the Glomar Global Explorer to retrieve the information when needed. The bandwidth will suck, but hey, it is secure. That is all that matters, right? Wrong!

With the current cultural infatuation with superlatives (best, most, highest, ultimate, etc.), we have lost sight of how important it is to find balance, and that most often good enough is the best you can ask for. Network security is no different. When a set of network and IT security policies becomes so restrictive as to keep smart people from doing their jobs, then I don't care if the policies were created by a former top analyst at the NSA: you have failed miserably. You are wasting the money you spend on acquiring these smart people in the first place; your employees are going to become frustrated and apathetic, and if morale gets bad enough they will leave.

My experience is that there are two ecosystems of employees: those that will deal with these inconveniences because they want to make a name for themselves in large companies, and those of us who really don't care, who would rather do interesting work with the freedom to make our own decisions on how to work. I'm in the latter group. I have no desire to work for the Googles and Amazons of the world; I can do plenty of interesting work and not spend my day fighting ever-increasing security blockades while I try to get my work done.
