[parasubvert]

Security in IT can be a way to reduce cost (via risk mitigation), but all too often it's just a form of authoritarian power play by petty tyrants.

In my experience, executives will get "dust in their eyes" if you bend a few rules to get things done in a bureaucratic environment. Plausible deniability, effectively. They want productivity without having to pay for it.

Dropbox, for example, is mostly free (up front), but with a level of risk cost associated with it. An enterprise on-premise Dropbox alternative is not free (up front) and may or may not have less risk than Dropbox. What's the better one? It's hard to measure. What's the ROI of sharing files? Depends on if your management likes fancy numbers games or just approves projects based on personal preference with numbers to make it look like they're doing some due diligence.