by Cthulhu_ 1503 days ago
I have no experience in organizations or IT systems that big, but I can very much imagine that it's not only a matter of not having enough time to check everything, but over time, your systems become so big that it's hard to maintain an overview or, for that matter, control.

I mean, there have been numerous incidents of a random developer having copies of customer data on their systems, or accidentally opening up a database or an Elasticsearch instance to the world.

And I'm afraid the only way to help mitigate that is to restrict what an individual can access and do on the one hand, and bureaucracy on the other. And full-time staff whose only job is to maintain security and juggle access rights around.