With the two-man rule, the two men are the users. They are not the people building and maintaining the hardware switch that implements the two-man rule. Now that's obviously a silly distinction because it was a simple electric circuit, but nowadays everything runs on Linux and real operating systems, and you need people to maintain them continuously.
Lots of enterprise setups have complicated RBAC/ACL/audit setups where sysadmins/DBAs are only given the bare minimum permissions necessary to complete their required roles. I seem to recall an article from a while back about Google changing some policies after a sysadmin was found to be accessing private user data, to require additional oversight/signoff, or maybe even active observation. Unfortunately, I can't find the article I saw it in, so I may be mistaken.
Technical measures and policies can go some of the way, but I think protecting against a motivated internal attacker with some level of elevated permissions is going to be a tough thing to achieve.