I guess the goal of Security is to not become the next OPM or Hacking Team.
I agree with what you say regarding perimeter security, a concept quickly decreasing in relevance in today's environments. Unfortunately, when you have thousands of people working for you that don't know how to computer, you have to take steps to ensure that the data and functionality that they're handling remains protected.
Additionally, a large amount of attack surface exists on the client side, and with these two factors at play you're dealing with a lot of non-trivial trust relationships within your organisation.
Yes, ideally every system would be an island, and everyone who was supposed to operate it could do so securely and competently enough that they'd realise if something was wrong.
Until then, corporate workstations live in a locked-down world where all external access is monitored and scrutinised.