No Accountability (Score 1)

I too work for a company that tends to be over-zealous with user desktop security. The real root of the problem is that we have IT organizations that worship the gods of security ideals and put that above all else, even to the point that it has a negative impact on the company's bottom line. The average employee is trying to get their job done in the most expeditious manner possible. When security policy begins to inhibit the way 99% of decent employees are doing their job to prevent the 1% that are malicious, the issue needs to be addressed by management. The pros and cons need to be evaluated and a consensus reached.

It simply boils down to a lack of accountability. Most IT organizations are now allowed to make decisions unilaterally for the entire business, even if it results in creating unnecessary or exorbitant expense. I know of IT security managers who would be perfectly content to see their employer go down in flames as long as the noble ideals of their security policies were never violated.

The IT security discipline has boomed over the last few years and I fail to see how the situation has improved. In fact, it has only worsened. We don't need more security admins... we need security admins who are committed to the same goals as the rest of the organization and make THAT their first priority instead of worshiping at the feet of noble theory. The principle job of a security admin should be ENABLING users to go about their work in the most secure manner possible, not preventing them from getting the job done. Big difference.