Also your data is meant to be private and accessed by a single person. Basically a big wall around your stuff with a single door.

Corporate data, by design, needs to be accessed by many people inside and outside the company. So they are adding another door for each person, department, or API that needs access. Even if the wall is higher and stronger, it’s still full of doors to try.