When work for a big IT team at a company that's already invested a fortune in on-prem storage and your job depends on pre-cloud procedures, you keep your mouth closed and do what's asked of you. After all, if the company gets hacked, it's usually just the CISO that gets fired. Not you.
You made a very good point about Windows GPOs. The delivery mechanism for them vs. how macOS does it shows how dated of a paradigm they are. It's bringing back memories to me of importing ADMX templates, gpupdate.....
Scenario 1: Keep head down, company gets attacked, shrug shoulders.
Scenario 2: Sell solid security and backup principles to management, fighting annoying budget and corporate culture battles along the way. Company does not get attacked. Nobody notices.
Scenario 3: Quietly set up an immutable backup service with hourly backups for your enterprise without anyone really noticing. Company gets attacked. "Actually, we do have backups. We can just reformat all those Windows machines." Hero!
> backup service with hourly backups for your enterprise without anyone really noticing
Well, except this is similar to #2 as it will likely stand out in the budget - especially the initial setup. IT being a cost centre has to fight for every penny in most non-IT-centric organizations.
Plus, the hackers will still threaten to release your corporate data (i.e. emails, client info) which would compel most companies to pay-up.
Bottom line: every company needs good backups, intrusion detection, and system hardening (with 3rd party review).
You made a very good point about Windows GPOs. The delivery mechanism for them vs. how macOS does it shows how dated of a paradigm they are. It's bringing back memories to me of importing ADMX templates, gpupdate.....