Anyone actually remove Expand between Dev and Production/BCP?

[Bob4117]

We are looking to improve security and we're discussing removing
Expand between our development node and the production and bcp and QA
nodes. FUP DUP change to NDM and/or FTP. Our Virtual Tape Backup/
Restore solution may be a problem as the vendor's software runs over
Expand.

There are solutions to logically isolate Development, but Physical is
what is strongly being considered.

I'd like to hear from those who have successfully done this.

Thank you,
Bob

[mustlearntandem]

Interesting idea but seems to be somewhat overzealous and possibly
less secure. TCP/IP is hardly more secure than Expand, which at least
provides remotepasswords that can effectively isolate the systems.
You will still require a secure Safeguard configuration on the systems
because FTP can easily overwrite an object with malicious code. It
would seem you will also need to provide Telnet access to production
for management - something you would not need to do if Expand were in
place.

I am curious as to what exactly the reasoning is behind this and why
would anyone believe TCP/IP, even though is can be managed, is more
secure? And one final thought... I presume you are not running Expand
over TCP/IP or this would be a moot discussion.