And now it all makes sense (Score 3, Interesting)
My workplace gets regular audits from our clients, usually every 3-24 months depending on how big/paranoid the client is. JP Morgan Chase is one of them.
We could tell the audit this summer was a bit different. It took about twice as long and went into much more detail than usual specifically regarding our tech side. After the audit, we got an unexpected list of demands related to stopping leaks.
Now, we don't handle sensitive financial information for them, so it's possible they were just trying to cover all their bases and we got stuck with security theater. Irritatingly, everyone in IT immediately recognized that the demands wouldn't actually prevent leaks. When you have a company full of employees who regularly use FTP, email, and even Dropbox to send files to clients, you're simply not going to be able to prevent it.
After months of back and forth trying to kill some of the more ridiculous demands -- like blocking access to Gmail, which we use for company email -- they simply wouldn't budge. We've been wondering why they're standing so firm about it, and now it all makes sense.