Seems like they could have a machine with higher level access air gapped, and a less secure machine for browsing the internet but not internal tools. Would still suck for copy paste and things of the line, but would probably work in most cases.
I would think that this would be an approach that absolutely makes sense for corporate infra systems like domain servers, systems with access to network configs, etc.
Maybe adding an additional security tier? Something like “sandbox dev” where new third-party libraries and technologies can be tested and a “production dev” which is more restricted. That might be the “right” way.
The problem that I’d see is that productivity, development velocity, and release cadence would all take a nose-dive as software engineers have to continually repeat work, roughly doubling the real amount of work needed to release any piece of software. This would likely be seen as incompatible with modern business and customer expectations.
Seems like they could have a machine with higher level access air gapped, and a less secure machine for browsing the internet but not internal tools. Would still suck for copy paste and things of the line, but would probably work in most cases.
I would think that this would be an approach that absolutely makes sense for corporate infra systems like domain servers, systems with access to network configs, etc.
Maybe adding an additional security tier? Something like “sandbox dev” where new third-party libraries and technologies can be tested and a “production dev” which is more restricted. That might be the “right” way.
The problem that I’d see is that productivity, development velocity, and release cadence would all take a nose-dive as software engineers have to continually repeat work, roughly doubling the real amount of work needed to release any piece of software. This would likely be seen as incompatible with modern business and customer expectations.