A disadvantage [security teams] face is the fact that we do not lead architecture changes that improve both security and enable individuals or the company.
To further explain that: security likes to tighten things down rather than put controls in place that can give perception of a more open environment. I suspect the entire "Security versus Productivity" argument is inaccurate; it's just the easy way out. We can make both a productive and secure environment if we're more clever.
Post a Comment