Guys, I would like some suggestions to deploy a safe setup for a data scientist profile within the organization.
This professional has a profile very similar to development: Python programming, uses Jupyter notebooks and Pandas. At the end of the day it means that he uses Linux and needs to install applications freely, and should be free to download apps and source code.
How can I securely provide a workstation where the user can freely install applications for development purposes?
There should be limits to letting an individual have free rein over a corporate device. Once an "image" is built according to the user's specification, then Admin access should be controlled and provisioned carefully. There is a lot that can go wrong with a backend data scientist's workstation having access to corporate data. That is too big of a risk IMHO.
Seems like a good candidate for separate dev and prod systems. In dev, the Data Scientist gets full control over the system, but with access to only simulated data. In prod, they get production data, but on a machine built/maintained to approved specs.
And, ideally, separation of duties would come into play at some point.