I work at a large IT company and there is so much fragmentation and inconsistent security policies that seem to come from knee-jerk decisions by middle managers that have been chewed up because of specific security exposures.
This ends up being difficult for an end user as you end up jumping through extra loops for a service that less important that the one you normally use.
Security personnel, don't listen to reason, they just perform their goosestep and salute to the leader.
If I find a loophole to make my life easier I will use it.
Companies need to realize security needs to be thought out and need to be integrated properly, not a strap on what I see used by large companies.