With consumerization or even desktop virtualization, organizations are faced with the new issue of dealing with all these devices coming in on the same network. We have our managed corporate devices on the corporate LAN, and many organizations' approach to wireless devices is to stick an access point on the network and let users connect to it. Some people may laugh at that, but the truth is that it happens. Perhaps there's some authentication involved so that users need to be authorized before connecting to the network, but the network that they access remains the same.
Now that mobile devices that gulp data down are in everybody's pockets (perhaps even more than one), these wireless networks that were once almost entirely for managed devices that didn't pose a huge risk are now being used unwittingly by unmanaged devices, too. Sure, companies have ways to secure things, and many organizations have guest wireless networks that are treated as only slightly more secure than the internet itself, but in many companies there are just two networks: the Outside, and the Inside.
So, what's a company to do when embracing consumerization, specifically BYOC and BYOD? They could create special networks for each device class and force the unmanaged devices onto those networks. There could be different tiers of networks, too, with varying levels of security based on who the intended users are, with more or less security between them and the datacenter depending on how managed the devices are.
Or, you could just treat everything like it's the internet. As time goes by and fewer apps, data, and computing happen in cubicle-land, instead moving into the datacenter or into the cloud, why even bother managing the endpoints at all? Instead, why not leave them unmanaged and treat the users like they're coming in from the internet? You could still have them pass some sort of compliance test before granting access to applications and data, but leave it up to the user to maintain the device.
It's not terribly different from a situation where a user works from home with their home PC today. If a user passes some tests, they can have the app streamed to them, or have access to files so that they can edit them locally. If they fail or can't run the test, a more secure, more centralized approach can be used, say, with cloud apps or desktop virtualization. The end result, though, is that the organization can finally rest easy knowing that the datacenter isn't sharing the same network with the endpoint devices.
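To make the "treat every endpoint like it came from the internet" flow concrete, here is an added example (not code from the original post or any product it mentions) of the decision logic a gateway could run after the compliance test. The check names, the three access tiers, and the rule that a managed device gets a higher tier than an unmanaged one are assumptions for illustration.

```python
from enum import Enum
from typing import Dict, Optional, Tuple

class Access(Enum):
    # Most to least data leaving the datacenter.
    LOCAL_FILES = "files synced for local editing"
    STREAMED_APP = "application streamed to the device"
    VIRTUAL_DESKTOP = "hosted desktop or cloud app only"

# Hypothetical posture checks the endpoint agent reports (name -> passed?).
REQUIRED_CHECKS = ("os_patched", "disk_encrypted", "av_running")

def decide_access(checks: Optional[Dict[str, bool]], managed: bool) -> Tuple[Access, str]:
    """Pick an access tier purely from posture, never from which network the
    device sits on. `checks` is None when the agent could not run at all."""
    if checks is None:
        return Access.VIRTUAL_DESKTOP, "compliance test could not run"
    failed = [name for name in REQUIRED_CHECKS if not checks.get(name, False)]
    if failed:
        # Fail closed: any missing or failed check drops to the centralized tier.
        return Access.VIRTUAL_DESKTOP, "failed checks: " + ", ".join(failed)
    if managed:
        return Access.LOCAL_FILES, "compliant managed device"
    return Access.STREAMED_APP, "compliant but unmanaged device"

def audit_line(user: str, checks: Optional[Dict[str, bool]], managed: bool) -> str:
    """One log line per decision so the gateway's choices can be reviewed later."""
    tier, reason = decide_access(checks, managed)
    return f"user={user} managed={managed} tier={tier.name} reason={reason!r}"

if __name__ == "__main__":
    # Constructed sample endpoints: corporate laptop, home PC, phone without the agent.
    print(audit_line("alice", {"os_patched": True, "disk_encrypted": True, "av_running": True}, True))
    print(audit_line("bob", {"os_patched": True, "disk_encrypted": False, "av_running": True}, False))
    print(audit_line("carol", None, False))
```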
Sure, it's not very flexible, and the more ambitious organizations will adopt something more along the lines of this, but with more networks. Still, you get the idea:
[Figure: network diagram. The thickness of the inside border represents the level of security between the network and the data.]
Nonetheless, this is an option that I've actually heard end users talking about. We've been talking about it internally for a while now, wondering if people would do it. When someone in the field brought it up to me, I figured it was time to bring it up and see what everyone else had to say about it. So…what do you think? "Crazy?" "Not in my house (but maybe in others)?" Or, "We're doing this now, thank you very much!" Think about this paired with technology like VMware Horizon, Citrix Cloud Gateway, and then with mobile application management. There might be something to this after all.