One of the largest challenges I have faced over the years is implementing distributed solutions in a secure way while keeping the company's IT operations centralised. I have often found that more than a little politics gets in the way. I recently worked in a PCI DSS environment and the overhead to operations was significant; passing audits was always a battle, and yet in my view fundamental issues existed that the PCI audits were not raising.
You may have seen the movie, but I always aim to establish a circle of trust: all devices and people in it should be trusted. If they are not, you need a smaller circle.
But beware, as it's a lot easier to shrink a circle than it is to open it up again, and the net effect can be companies with far too many zones, segments and firewalls.
Industry Standards (% indicates how many roles request experience compared to the other).
Professional Accreditations