The solution is just-in-time access controls, context-aware authorization for things like database access (i.e. given a justification with an approval workflow, the employee can access a user X for 2 hours). These are the guard rails against a rogue employee, by introducing friction.
I rolled out this level of controls at a big company and got pushback from the sales team -- they needed access to generate leads, do demos on the spot, etc. Was a hard fight and I lost.
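An added sketch, not part of the original comment, of the just-in-time flow it describes: a justified request, approval by a second person, and a grant scoped to one user record that lapses after 2 hours. All names here (`Grant`, `request_access`, `approve`, `authorize`) are hypothetical and tied to no particular product.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

MAX_TTL = timedelta(hours=2)  # window taken from the comment's example


@dataclass
class Grant:
    employee: str
    target_user: str                      # the single record the grant covers
    justification: str
    approver: Optional[str] = None        # stays None until someone approves
    expires_at: Optional[datetime] = None


def request_access(employee: str, target_user: str, justification: str) -> Grant:
    # A request with no stated reason never enters the approval queue.
    if not justification.strip():
        raise ValueError("justification required")
    return Grant(employee, target_user, justification.strip())


def approve(grant: Grant, approver: str, now: datetime,
            ttl: timedelta = MAX_TTL) -> Grant:
    # Self-approval would remove the friction the workflow exists to add.
    if approver == grant.employee:
        raise PermissionError("requester cannot approve own grant")
    if ttl <= timedelta(0) or ttl > MAX_TTL:
        raise ValueError("ttl outside allowed window")
    grant.approver = approver
    grant.expires_at = now + ttl
    return grant


def authorize(grant: Grant, employee: str, target_user: str,
              now: datetime) -> bool:
    # Deny by default: unapproved, expired, wrong person, or wrong record.
    if grant.approver is None or grant.expires_at is None:
        return False
    if now >= grant.expires_at:
        return False
    return grant.employee == employee and grant.target_user == target_user
```

`authorize` is meant to be called on every read, so an expired grant stops working without any revocation step.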