In a rapidly churning startup phase, where new releases can and do come out constantly to meet production requirements, this one size fits all mentality is impractical.
If you refuse to whitelist the deployment directory, you will be taking 2am calls to whitelist the emergency releases.
No it can’t wait until Monday at 9am, no there will not be a staged roll out and multiple rounds of testing.
I am more than willing to have a chat; you, me and the CEO.
It IS bespoke internal development, not for deployment outside of the facility.
The computers running the software exist only to run this software and have no business talking to the internet at all.
IT is provided by an external third party vendor who operate on an inflexible “best practices dogma”.