[RawInfoSec]

I can safely say that it's never to limit our own workload. Considering we'd get paid less if we had nothing to do, it would be pretty dumb to work towards that goal. It's to save the company from going bankrupt with explosive costs of maintaining infrastructure in a hostile environment.

Any and all restrictions are there to prevent risk, to both data security and operational costs. There's nothing worse than allowing a user to do as they please because as Bruce Schneier once said, "A user will choose dancing pigs over security every time."

This is why we work with management to show them the costs of allowing users the ability to roam free. Management makes the decisions, IT implement it.

Security is hard. It is highly invasive to usability. It's not your IT department's fault, it's actually yours.