Separating out your sensitive data processing from your general internet access is a highly sensible precaution when you don't want your sensitive data to be exfiltrated The fact that many organizations allow email and web on their sensitive machines is what makes spear phishing so easy (see RSA). Sensitive information is much easier to protect if its kept in a controlled environment and you use remote desktop technology to access it.
The only way you could say this is lala-land is just to point out that most organizations take nearly zero precautions for protecting their data and then just stand around looking sad when something bad happens.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds