The dark side of layered security
Layered security is currently considered a best practice for enterprises, since a single layer of defense against attackers is no longer enough. Sometimes, however, these layers can have unintended consequences and even make a company less secure than before.
Sourced through Scoop.it from: www.cio.com
Making solutions too complex and too complicated leads down the path of Shadow IT. And then you have lost control completely.
I do not agree with forcing users to use different logins with different passwords for every system. It will just force people to take shortcuts, or at least use password managers. There are good single sign-on tools. Use them! Use multi-factor authentication! And use encryption everywhere!
IT must first of all think of the users. The only security that works is the one that’s used, and to be used it must be simple for the users, for implementation, and for developers and admins.