We haven't had an FUIT article in a while, but with March Madness over the past few weeks, I was reminded of something I used to do when I had a real job. Nowadays, you can watch games online, and the cool companies will just let that happen. Of course, those companies aren't all that productive during that time, so the odds are that any streaming video served up via the web from CBSSports.com is blocked so you can't watch the games on your computer. Such was the case for me a few years ago, but I had a trick up my sleeve.
I had a Slingbox at home, and while I knew I couldn't access it at work via its default port (5001) because the firewall only allowed outbound ports 80 and 443, I decided to try running the Slingbox on port 443. My cable company didn't block that port inbound, and my company's firewall didn't actually validate that the traffic on that port was SSL traffic. It worked, and in my basement dungeon of an office that week, we had a bit of a party :)
I know that at that time, what I did was above the head of most normal users (let's call them "normies"), but it's been six or seven years. An increasing number of users are familiar with ports from online games, and an increasing number are becoming confident in their ability to skirt IT policies and procedures. Of course you can get fired, and of course it's against the rules, but only if you get caught.
Nowadays, you have other uses, too, like Dropbox, that companies block even though employees want to use it. With nothing more than a google search for "how to access dropbox behind a firewall," users can get step-by-step instructions for how to set up a proxy server. The short version of it is to set up an SSH server at home, connect to it to establish a secure tunnel (which means IT can’t classify it as anything other than secure traffic on port 443), and tell dropbox to use your new proxy setup for data instead of the normal internet connection (one address in the config screen).
Even a normie could set it up in just a few minutes using PuTTY. Yes, it's still probably for above average users, but the instructions are clear and unassuming, and as I've said before, it only takes one user (and one proxy!) before anyone can do it. And keep in mind, this also works for more than just dropbox!
It's just something to keep in mind as you're fleshing out your consumerization strategy. There's seemingly always a way around things, and policies only go so far. The roadblocks put in place don’t work in all scenarios, and when you think you’ve got all your bases covered, someone will either skillfully or luckily find their way around them. Do you embrace their uniqueness and try to enable it in a secure way, or do you attempt to go into lockdown and hope that nobody can get past?