BP (an energy company) has decided to remove laptops from their LAN
http://software.silicon.com/security/0,39024655,39156608,00.htm
Ken Douglas, technology director of BP, told the UK Technology Innovation & Growth Forum in London on Monday that 18,000 of BP's 85,000 laptops now connect straight to the internet even when they're in the office.
When I first read this story I couldn't believe what they were doing, but after thinking about it a bit, this is a brilliant idea. If a user has a laptop, they should be able to work while not connected to the LAN, so little should change by forcing them to work remotely. As soon as a laptop leaves a controlled environment, such as a corporate LAN, it should never be reconnected to that LAN. This is a bit like finding a cake on the street. Are you going to eat it? Probably not.
I don't have any numbers, but I would not be surprised if most corporate virus and worm infections come from laptop users. This story has me reconsidering my current ideas on good network design. I'm now wondering what else can be segmented in a manner that won't impact productivity, but will increase security.