unfortunately among many circles, it is the opposite. More and more "zero trust" .. more logging and audit, more spot checks, more re-logins .. It is a culture clash, always-on networking has made it much worse, since security professionals have endless lists of problems they see.
> More and more "zero trust" .. more logging and audit, more spot checks, more re-logins
Shades of HIPAA. It tries to tackle security and privacy of patient data but it winds up applying large corp requirements (inappropriately) to small practices. There seems to be little distinction of who the regs are being applied to.
One upshot is that small practices have to dedicate resources to understand/audit/report/comply with requirements that don't apply to them.
ex: Extensive audits of how a practice secures local patient data that doesn't exist - because it fully resides on remote provider platforms.
unfortunately among many circles, it is the opposite. More and more "zero trust" .. more logging and audit, more spot checks, more re-logins .. It is a culture clash, always-on networking has made it much worse, since security professionals have endless lists of problems they see.