The company will disable internet access on the select desktops, with the exception of internal web-based tools and Google-owned websites like Google Drive and Gmail. Some workers who need the internet to do their job will get exceptions, the company stated in materials.
In addition, some employees will have no root access, meaning they won’t be able to run administrative commands or do things like install software.
I mean, that is all really good?
If a machine does not need internet access, it should not have it. Airgaps/incredibly restrictive firewalls are pretty much the only true defense for attacks and social engineering.
As for developers: If you are making enough money to justify needing this level of security, then you can afford to buy everyone a second computer/laptop.
At my old gig this was exactly the development model. Sensitive material happens on the computer on one side of the office, non-sensitive development and communication happens on the other. Wheel between desks depending on my task.
Same with root. No developer needs root if you have a competent-ish IT department. At my current gig, we actually use a VDI setup where asking for software to be installed on my “workstation” is literally a pull request that an authorized staff member approves.