Organizations are complex entities, and few people indeed have a handle on just how complex they are. As they get larger, organizational complexity increases exponentially against linear organization growth, because the number of linkages, data flows and relationships multiplies exponentially.
Many years ago I worked for a major Unix workstation and server vendor. This company had an IT policy which forbade the connection of any Microsoft Windows system to the company’s network without approval from the corporate vice president.
At the same time, this company had a finance policy of encouraging employees to use their personally owned PCs for work purposes, and even provided company-paid anti-virus and firewall software to install to mitigate the risk of malware, which was a requirement of the finance policy. All of these PCs ran Windows.
Policy schizophrenia. So what was the end result? People used their PCs without VP approval, but didn’t bother to install the software provided. The first policy was stupid, and people ignored both it and the second, actually sensible policy. It was a terrible outcome, because the security team burned resources with every malware attack, when those people without AV software caused problems around the company.
More Information
There might be more information for this subject on one of the following:
- [#1] - Engineering Security Solutions at Layer 8 and Above - based on information obtained 2018-08-10