by echelon 1271 days ago
For a personal device. Corporate devices are subject to a whole host of regulations. PCI, HIPAA, etc.

You can't even touch fintech unless your engineers work on MDM'd devices.

You can't trust every single employee to always keep their machine up to date or be on the up and up. Statistically speaking, you'll need it eventually.

2 comments

I have worked at 10+ fintech companies in a mix of full time and contract roles and exclusively use QubesOS. No one was able to make a coherent argument how MDM was going to work or help improve the security of a base OS that is not even connected to the internet.

At best I could run something like osquery that sends reports to my sys-net VM that forwards them to an interested IT group at a set interval, but no one has actually implemented this as I am always enough of an edge case that they can file a special exception for me.

Some fintech orgs do get by with Linux users just using osquery reporting to a central monitoring panel like Kibana or Kolide that can send automated alerts to those not complying.

Are they? This is the first time I've heard that users' desktops are subject to PCI in fintech companies.
Start with password complexity, prevention of unauthorized access (i.e. screen locks), full disk encryption, and so on, for those users who are close to cards/data management.

Using Linux doesn't automagically make people smarter, and setting simple passwords or not enabling disk encryption is the kind of thing I can easily imagine happening without external curation.
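As an added example (not part of any comment in this thread), these are the kind of osquery checks a central panel of the sort mentioned in the first comment could alert on, covering two of the controls listed in the second comment: full disk encryption and password hygiene on Linux endpoints. It assumes the Linux osquery tables disk_encryption, mounts and shadow with their documented columns; the 365-day rotation threshold is a constructed policy value, and screen-lock enforcement is left out because it has no portable osquery table on Linux.

```sql
-- Added example, not from the thread. Compliance checks for Linux hosts
-- reporting via osquery to a central panel. Assumes the documented Linux
-- tables disk_encryption, mounts and shadow; if any of them is missing on a
-- given build, check with `osqueryi ".tables"` before scheduling the pack.

-- 1. Is the root filesystem mounted from a device-mapper target?
--    A root mounted straight from a plain partition is a clear finding.
--    Heuristic only: LVM without dm-crypt also lives under /dev/mapper,
--    so cross-check against query 2.
SELECT m.path, m.device, m.type AS fs_type
FROM mounts AS m
WHERE m.path = '/'
  AND m.device NOT LIKE '/dev/mapper/%';

-- 2. Block devices osquery does not see as encrypted. An unencrypted /boot
--    or EFI system partition is expected; anything else warrants a ticket.
SELECT name, uuid, type, encrypted
FROM disk_encryption
WHERE encrypted = 0;

-- 3. Local accounts with an empty password, or an active password not
--    rotated in more than 365 days (constructed policy value).
--    shadow.last_change is in days since the epoch, as in shadow(5).
SELECT username, password_status, last_change
FROM shadow
WHERE password_status = 'empty'
   OR (password_status = 'active'
       AND (CAST(strftime('%s', 'now') AS INTEGER) / 86400) - last_change > 365);
```

Each query is meant to return zero rows on a compliant host, which makes them easy to wire into a scheduled pack with differential logging: a new row appearing is the non-compliance event the panel alerts on, and the row disappearing is the remediation.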