This matters more for some industries than others. But this attitude lets a malicious employee install basically whatever they want in service of “the job” and you won’t even know you’re being breached until after it’s all over.
Well, we still have to get approval. But it just seems like they don’t mind as much. For example, I don’t know how many companies out there would be fine with installations of AutoHotkey and LibreOffice.
I work for a non-profit and they are way more lenient about what we would like to install as long as the job gets done.
Then you have bad opsec and security holes.
This matters more for some industries than others. But this attitude lets a malicious employee install basically whatever they want in service of “the job” and you won’t even know you’re being breached until after it’s all over.
Well, we still have to get approval. But it just seems like they don’t mind as much. For example, I don’t know how many companies out there would be fine with installations of AutoHotkey and LibreOffice.