[JohannesH]

At my work when our IT sec org tighten the screws harder and harder, people just have to get "creative" to do their job effectively. For us this meant that some of my coworkers started using their own machines to write code making the whole setup much more unsafe and prone to breaches.

But I definitely feel there's a huge missing part in our setup and lack of accountability in the It sec org when it comes to not hurting productivity unnecessarily. They can just keep putting up barriers without any real consideration to the impact and side effects they may have.

[dmd]

It’s blame shifting. If the security people are allowed to make it impossible to work without breaking the rules, they’ve successfully moved all blame for anything that goes wrong away from themselves. “Oh, you turned your computer on? Well, the security guidelines clearly state that’s not allowed, so that’s your fault.”