
> If corporate systems were stand-alone/isolated, we probably would not have this problem to the extent that we do.

Well.. Yeah, but also... This is what we used to have and have been moving away from. We used to have on premise and then moved to SaaS. I'm pretty sure we all realized that had some security consequences, right?



Compliance- and audit-driven organizations are more likely to do these things. They want consistency and control across the org. What they fail to realize is how that same consistency and low-level control can be used against them. And, more importantly, the scale of the abuse will be as efficient as the scale of management.

It's sort of like building an encryption backdoor (only for law enforcement) and then being shocked and surprised when criminals use it against you. Security technologists who know better are not consulted and/or their advice to isolate and diversify is not taken.



