Like most things related to IT that cause problems, the root issue has nothing to do with IT.
It’s like at any other company where top management gets excused from other IT enforcement. Not because IT cannot enforce it, but because they’ve specifically been told not to.
Which also means, this isn’t some mistake. Someone had to purposely allow the access.
