End users no longer have to rely on corporate networks for Internet access. As such, the antiquated, draconian IT controls around Internet access need updating.
It's a scene being replayed at businesses all over the world: Employees have seemingly infinite access to a vast array of technology that allows for uncontrolled access to the Internet.
The evolution of IT controls
To get fast access to the Internet at work in the early days of the World Wide Web, IT needed an expensive T1 or other private circuit behind a firewall. The firewall was maintained by the only person who seemed to have the arcane knowledge to make it all work: a UNIX system administrator. High-speed access to the Internet outside of academia or the workplace was, for the most part, out of the reach of Joe User, a captive customer of the IT department. Remotely accessing the network from home was typically not allowed, and slow dial-up speeds made it difficult to run line of business applications remotely, anyway.
Today, high-speed Internet is available practically everywhere, from Starbucks and the local public library to airplanes and trains and homes, through Wi-Fi and cellular networks. Many businesses allow remote access, though not without some tribulation. To gain access to the network, the user often must go through a clunky virtual private network (VPN) client on their device and submit to security scans.
Unfortunately, in many workplaces, how the IT department delivers Internet service hasn't changed much over the last two decades. An IT person likely decides who and which devices are allowed to access the network, and even which sites users can visit. Many departments block streaming media sites such as YouTube and social networking sites such as Twitter and Facebook. Users who legitimately need access to these sites have to fill out forms and wait for someone to approve or deny their requests.
IT has become the Internet police
In the '90s this approach may have worked, but today it is unrealistic to think that users won't find ways to escape from IT controls. The corporate network is just one way users can access the Internet, and it has to compete with all the consumer options out there.
IT's broad mission is to protect corporate technology assets. Giving users more freedom around Internet access might seem counterintuitive, but strict policies can actually drive users to potentially problematic alternatives. It's easy for a user to set up a secure outside proxy that bypasses corporate rules. Directions are a simple Google search away. Locking personal smartphones and tablets out of the corporate network encourages users to use MiFis and phone tethering.
Shedding the Internet police mantle
IT's offerings have to be on par with consumer offerings. Fortunately, there are ways to achieve this goal while maintaining a secure, controlled infrastructure. One way is to implement guest wireless networks at workplace sites. Many wireless controllers can set up separate WLANs. One could provide Internet access for employees' personal devices but not a direct path to the data center. This network would be similar to the Internet café's, except with better security. Higher-grade wireless encryption, such as Wi-Fi Protected Access 2 (WPA2), should be required, but the bar for accessing this network should be low. Mitigate effects on the corporate network by routing guests out on an inexpensive, high-performing broadband connection, such as cable or DSL.
Instead of using clunky, IT-installed VPN clients, look to options such as Secure Sockets Layer VPNs from Citrix Systems, F5 Networks and others. Emerging options for company-provided PCs are available, too. Microsoft DirectAccess, for example, allows Windows 7 and Windows 8 machines to have a persistent, encrypted connection to the company network anywhere Internet access is available.
Whatever the approach, IT must shed the Internet police mantle and relinquish enforcement of acceptable use to the business side of the house, where it belongs.
This was first published in October 2012