I faced this issue again today with one of my cloud providers. They have a strict and uncompromising policy that hinders them from providing satisfactory service. They overlook the intricacy and variety of their customers’ needs.
Their choice has left me feeling frustrated, disappointed, and hopeless with their inadequate information technology governance and systems development life cycle controls.
They have implemented Two-Factor Authentication for all users, which is a commendable security practice, but they have neglected the instances where it malfunctions. I am one of those users who cannot access this feature due to a software glitch. They have shown no effort that I can discern to resolve the glitch, nor can they turn off the feature for me. I am stuck with a cloud service that I pay for but cannot utilize effectively. Here are some reasons why all or nothing rules do not work:
They ignore the subtleties and variations that exist in most situations. There is a difference between aiming for excellence and demanding perfection.
They establish unattainable standards that are impossible to meet.
Rules have never been flawless in any information technology environment.
As we design controls, we must avoid the “all or nothing” approach. We have to have internal controls that are balanced and realistic.