Hard to believe, but there was a time when IT executives on tight budgets didn't think twice about letting power end users connect to the corporate network using home PCs.
But with today's heightened consciousness about network security, and with the steady stream of vulnerabilities in the news, such liberal computing policies no longer make sense.
On the vendor side, some of the emphasis about how to keep an operating system secure is shifting away from the patching process and into the realm of building tougher perimeter security. Companies like Cisco Systems Inc., InfoExpress Inc. and now Microsoft, are developing perimeter access methods that quarantine a PC that doesn't have the proper virus definitions.
Many IT shops, particularly those in engineering fields with big populations of power users, have made changes in light of their new security needs. Tennessee Valley Authority (TVA), the Knoxville, Tenn.-based power company, has a new policy that forbids users access to the network with personal equipment.
Personal machines a no-no on the network
Jim Purcell , manager of IT security and standards at the TVA, said he has two programs in the works. First, he's making more applications available through a portal, so employees can still use their home machines for applications such as e-mail and payroll. Second, home users must use company equipment.
"It's a big issue for us," Purcell said.
Purcell said the TVA has also installed an InfoExpress perimeter security system that verifies PCs as they come in through the firewall.
"We used to let people take work home, but we can't buy laptops for everyone," Harings said. "We decided that for those who must work at home, they have to use a managed IT asset."
Haring's company also put in place a policy that requires anyone who accesses the company network, contractors in particular, to sign a statement saying they have the latest virus definitions.
Some experts said that the business of making individuals sign sworn statements about whether they have proper virus protection lacks real teeth. "Some people will sign anything just to keep a job," said Jeff Duntemann, an author and IT expert based in Colorado Springs, Colo.
Enforcement worth the cost
Duntemann said IT administrators must create strong policies and enforce them, even if it costs more money. Not all costs are easy to quantify, but the new threats make the matter more urgent. "We always insist on controlling the machines used for telecommuting," he said.
Though the arrival of Microsoft's Windows XP SP2 is generating a lot of buzz because of its built-in firewall and other security features, it doesn't really address the problems of enterprise IT, one expert said.
"It nags people to do the right thing, it doesn't force them to do the right thing," said Mike Cherry, an analyst at Directions on Microsoft, a Kirkland, Wash., consulting firm.
At Microsoft's recent Partner Conference, the company revealed intentions to develop Network Access Perimeter, which inspects a PC, or any device, from the moment it enters a firewall. If the machine doesn't have proper virus definitions, it is quarantined, or given limited access, until it can be brought up to date.
"I think it's the right way to go," Cherry said. "Over time, all organizations will want to do this."