Securing your macs

I wanted to ask how folks at thoughtbot secure their macs. I have seen IT Admins force unnecessary measures in the place I work such as:

  • Forcing all traffic through their proxy servers when I am on VPN. They also prevent many websites from being accessible through the proxy

  • Enable full disk encryption - File Vault 2, thus slowing the system down

  • Installing antivirus

So my question is, since you folks also handle confidential data/code so how do you make sure it’s secure without losing any productivity of the developers

Particularly if your machine is a laptop and therefore easy to walk off with (even if you never move it from your office), I think installing full disk encryption is a reasonable precaution. It’s one of the requirements Github institutes on their systems when they use Boxen for configuration management.

Not sure about the others, as I haven’t used those measures in the past on OSX boxes.

Although I agree with @geoffharcourt regarding always using full disk encryption, if you’re unwilling to go that far you could always keep your code in an encrypted disk image. You could use a commercial product like Knox, or simply use Sparse Images created using Disk Utility.