You are justifiably wondering why you should limit physical access to data.
The answer is quite simple. First of all, let’s start with a definition of what I actually mean by this statement.
Physical access refers to any one of your employees being able to plug a USB device or other mass storage device into their computer or, worse, into the servers or other parts of the network that contain sensitive information.
This obviously also applies to access to network (RJ45) ports, which are commonly found out in the open in any corporate building on the planet, with very few exceptions.
With access for employees limited, or entirely disabled, the possibility of extracting large amounts of data and providing it for a leak is decreased significantly.
Examples where this policy would’ve been quite useful are the large data leaks of the recent past, namely the Paradise Papers, several banking hacks, etc.
If the hardware had been properly set up, including endpoint security measures as well as two-person-only access to server rooms, etc., we would never have had to speak about such incidents.
As opposed to the old way of keeping records by filing papers, which could easily be copied and extracted, modern data storage solutions do provide an extra level of security; that is, if they are properly implemented and sufficiently secured by experts.