|
|
|
|
|
|
by joshuamorton
1339 days ago
|
|
|
My lukewarm take is that it is possible to construct your company/infra in such a way that functionally, any employee can audit that (2) is not the case, and that Google comes very close to doing this. If you take security and specifically insider threats seriously, you can't privilege or hide any subsystem, or it becomes a threat of its own, so the same processes that prevent an attacker from creating a shadow-system in your infrastructure also prevent you from doing the same thing. |
|
|