I don't think poster was complaining, specifically, that the security policy wasn't designed for people who care about security. In my opinion the issue is that they replaced an up-to-date and robust set of policies and tools with out-of-date tools and procedures. In addition they removed agency from their employees by installing an endpoint security tool on their machines.
I have to say, I agree! Once an endpoint security tool gets installed on my laptop and my administrator privileges have been revoked, I would definitely feel like the security of the unit was out of my hands. IMHO, this makes the organization almost entirely reliant on software and policies (which likely go unread) for security.
My belief is that this will result in an overall less secure posture for the organization as a whole. As this poster points out, his password is now less secure because whatever tool judges its strength is behind the curve. Other people may be more prone to open suspicious email under the impression that the endpoint security tool will take care of it. And so on.
I have to say, I agree! Once an endpoint security tool gets installed on my laptop and my administrator privileges have been revoked, I would definitely feel like the security of the unit was out of my hands. IMHO, this makes the organization almost entirely reliant on software and policies (which likely go unread) for security.
My belief is that this will result in an overall less secure posture for the organization as a whole. As this poster points out, his password is now less secure because whatever tool judges its strength is behind the curve. Other people may be more prone to open suspicious email under the impression that the endpoint security tool will take care of it. And so on.