|
|
|
|
|
|
by freehunter
4846 days ago
|
|
|
Security is about business enabling. We're here to help the business work efficiently, not to get in the way. Feature X might work nicer than Feature Y, but Feature X presents an unacceptable risk to the business. Users are going to demand Feature X even still. It's security's job to present these risks and it's up to the business to accept them or not. Policy is what you're talking about, and solid enforcement. If you don't have a way to ensure people are adhering to the policy, you're in a world of hurt because yes, they will do whatever they can to get the features they want. |
|
|