I sympathize a lot with infrastructure and security teams at large(r) companies. They are constantly up against the opportunity cost of which security threats to fix first with the limited resources those teams often have. This is accompanied with needing to gracefully manage the political ripples of locking down systems that might disrupt other departments/business processes that were not initially designed with security in mind. I’ve seen firsthand the hot-headed director/VP who was hired on day one, who yells the loudest that they won’t make their sales target or some initiative is slowing their teams down, and crucial infra projects are delayed despite a well-articulated risk and threat assessment aiming to protect the company. All the while, the security experts in the room have their own jobs and teams they are trying to protect and not make the wrong move (and maybe get a ransomware attack) and get the whole team fired in the heat of the aftermath.<p>With more and more folks wanting to work from home, this further complicates the extant balancing act of how to securely give systems access to remote employees.