u/LongButton3

We lock down our corporate laptops like fortresses. EDR, DLP, all of it. Then a contractor logs into our HR system from their personal Chrome on a Saturday afternoon and we don't even blink.

You can't install agents on devices you don't own. You can't enforce policies on browsers you don't manage. Half our vendors access shared drives from whatever laptop they bought at Best Buy and we just accept it.

Asked our rep at the last security vendor about monitoring unmanaged browsers and got a blank stare. It's not that the tools are bad, it's that BYOD browser security is the gap nobody's building for.

What are y’all doing about contractors and vendors on personal devices? Just curious. Looks like something that may come to bite.

Did a consulting gig last year for a mid-size company moving their first workload to AWS. Their security lead came from a decade of on-prem and brought the entire perimeter playbook with him. Firewalls, network segmentation, all of that. I could see where this was heading.

Third week in, a developer provisioned a public-facing load balancer with a single click. The security lead lost it. "But we block those ports at the network level."

No you don't. Not anymore. Your developers can spin up public infrastructure faster than you can open a ticket. The control model you had in the data center simply doesn't exist here.

I'm posting this because I keep seeing teams burn months and millions trying to recreate their data center in AWS. The perimeter model doesn't translate. The sooner security teams accept that cloud is a different paradigm, not just someone else's server rack, the sooner they stop fighting the platform and start actually securing it. That's the message I wanted to get out there.

[ Removed by Reddit on account of violating the content policy. ]