I’ve listened to “The fortified data center in your future: Build it now and they will come” (http://www.microsoft.com/belux/technet/nl/chopsticks/default.aspx?id=449), given by Steve Riley in Brussels. I like very much his way of presenting that stuff because it forces you to think about what we are doing in the IT business.

First of all I like to point out a typo in your blog: “TCP protocol 50″. IPSec in de IPv6 world uses IKE (UDP 500) en ESP (IP protocol 50).

At our customers I don’t see much difference between mobile and fixed corporate assets either. The most important point is that both should be well managed before you can trust them.

Now, the point of outbound access control is a little bit nasty. From my experience it is very hard to do it well, unless you are willing to invest a lot of time and money, or you can work with a white list concept. In practice, I don’t see neither of them at our customers. I mean that a knowledgeable user can in most cases easily circumvent the implemented controls.

Moreover, when the mobile corporate asset is outside the corporate building and not connected through the VPN, the user can inherently access the Internet freely. So, in this case there is no outbound access control possible at all. Maybe we should solve that problem in a complete other way and make the user legally responsible for his actions, even if it is with the help of a corporate asset.

Kindly,
Stefaan