But there is no limit to how much additional security you can bring, so they do bring all of it. Recently had to get a new Tomcat distribution deployed via the Chef tool, of course our own package of it. Now it runs under 2 Unix users, each owns various parts of Tomcat. Main startup config (options.sh) is owned by root, to which we will never ever get access; one has to do all changes in a complex approval and build process via Chef. Servers disconnect you after 2-3 mins of inactivity; if you deal with a small cluster you need literally i.e. 16 PuTTY sessions open which constantly try to log out. And similar stuff everywhere, in all apps, laptops, network etc.
All this means that previously simple debugging now becomes a small circus and a fight with the ecosystem. Deliveries take longer, everything takes longer. Nobody relevant dares to speak up (or even understands the situation), to not be branded a fool who doesn't want the most security for the bank.
I would be mad if this were my company, but I go there to collect paychecks and sponsor actual life for me and my family, so I can handle this. For now at least.