Why is Sally accessing this service from a non work computer at 3 am her time with a chinese IP address? Sure this request has the password but that doesn't sound valid.
Which means you can automatically perform additional validation with MFA, or straight up deny access.
There's a lot of options really. You can only allow access to certain systems and/or services via company devices enrolled in MDM, with up to date OS, encryption, and endpoint protection. You can verify endpoints and users with passwordless auth via Beyond Identity and in certain cases use additional MFA via Duo or whatever you want to set up.
Sally is trying to log in to her company email. She's authenticated via passwordless auth via Beyond Identity on her work computer. Her work computer passes the health check seamlessly through BYID and allows her to access her email. Maybe she's also prompted for MFA always, or maybe only if she's logging in outside her normal geographic area on her work computer. Maybe (e.g. email) access is denied totally if from a non-company device. Options...
Oh, and "water cooler" time is good for generating trust and forming bonds within teams, which is essential.
My experience is that it does the opposite. It creates cliques and promotes the idea of promoting for socialization rather than for results. I think good, skilled workers who want promoted based on merit see it as sowing distrust... a mechanism for those that aren't as capable or as ethical to avoid work while "schmoozing" the bosses.
Yes, if you want bad employees to trust each other, it's good. If you want to have employees you can trust to protect your business, it's bad.
@scottalanmiller I have not had to do that before with a normal backup to a .bak and then restore. Not some an place move like it seems you are doing.
Happens if going to a space with a different storage layout. If you are coming from Linux you are probably fine. But Windows injects the drive letter into the path (obviously) and so going from one machine to another that doesn't keep identical storage path names causes the issue.
if the OS rather than simply flagging that file on the drive as being corrupt, would rather flag the whole drive, it comes across as a rather short sighted screwup.
This is actually what it does. Except not the OS. The RAID controller (hardware or software) flags the file (array) as being corruption, not any drive. Any drive(s) with a URE are flagged as being healthy.
If you were to divide up the drives into many arrays, and you hit an exposed URE, only the single array (file) in which the URE was found would be corrupt. The drives, and other arrays (files) on them would be just as healthy as ever.
It only comes across as a short sighted screw up if you don't realize that the "fix" takes us right back to where we already are.