For the nefarious employee, they’ll figure something out. If these machines are on a network of any capacity a method of stealing/hiding/destroying data will be found. If you allow sharing, you allow stealing.

The the nefarious hacker, social engineering will get them access.

I’m curious how heavy lockdown places (like the NSA) approach this. My guess is through eliminating the nefarious employee to begin with via incredibly tight screening and background checks, etc. And even then it doesn’t work in all cases.

These techniques would be out of reasonable reach to the average enterprise, so I think they have to take reasonable precautions against the known risks and trust in the integrity of the employee and treat them respectfully. If you treat them like criminals, there’s more chance they’ll act like it out of spite.

Of course, I haven’t read-the-fn-article yet, so what do I know?