In the past few months, I found myself quite frustrated with the perplexing security measures taken by some companies. Often enacted without proper consideration, these measures can lead to unnecessary complications.
One example involves a client who is part of a larger corporate entity. This corporation required all contractors with system access to work on Windows computers under their control. Our team, working on Mac or Linux for many reasons, faced a wall of refusal when trying to connect using our preferred VPN client. The solution? We decided to tunnel all the traffic to their network from our Macs through a Windows laptop they provided. This laptop now sits idly on a desk, freeing us from carrying two computers and humorously reminding me of a story about a guy who outsourced his job to China.
Then there's the case with Google. We were developing a platform for a client meant to be integrated into a Google service—a vital step for the platform's survival. But getting our domain verified turned into a labyrinthine ordeal, taking an unclear amount of time. Stuck in this quagmire, I noticed that the domains of major providers like Cloudfront, Cloudflare, and Akamai were already allowed. A spark of inspiration led us to write a little reverse proxy, loading our content through one of these domains. It worked like a charm, and Google was none the wiser, leaving a gap in their security measures they likely won't close.
These experiences are more than just frustrating anecdotes; they reflect a recurring issue. People are making others' lives more difficult in the name of security, often without understanding how simple it can be to bypass these measures. Remember these stories the next time you find yourself on the receiving end of a rigid security policy. Think twice, and question if the procedure is as ironclad as it seems or just another hoop to jump through. Perhaps, like us, you'll find that navigating these security mazes is more about creativity and less about compliance.