Our secops guys broke most of our laptops so the engineering teams can't use them for development. They told them to use a Hyper-V VM. So they do. With a Hyper-V vswitch that talks directly to the ethernet adapter rather than the VPN connection. So effectively their policy leads to all those SSH keys, AWS credentials and other stuff to be stored on a virtual machine which is connected directly to the public internet and bypasses all DLP and security controls.

The more I work with secops people the more I fail to trust or respect them.