Soooooo, why is it that so often 'security' just means bloody mindedly getting in your way for no reason?

Coz I fail to see how whitelisting a subnet of private IPs that are already only accessible through company VPN presents any kind of security risk, especially since the blocking software is literally only on our company laptops and can be easily bypassed by being on the VPN on *any other device*. But nooooooo, we have to go to the this other company our umbrella company owns (who by the way are making every dev at our company redundant in six months) and beg them to change each individual IP address every time we create a service.

Really does feel like security often means either 'our parent company doesn't understand security so we just need to go through the motions and *look* like we are doing things properly' or 'we just want to get in your way enough that we win in the who gets made redundant fight because you can't actually get any work done and we can'.

Bonus points: on the website for the blocking software they use, it literally recommends using Internet Explorer for everything. I'm surprised they haven't tried to enforce that on us as well.