Craig LaHote is struggling with it now, and just a week ago he had a meeting with executives about it.
"We're having a hard time controlling it. It's a real gray area with home computers accessing the network and the Internet," said LaHote, network administrator at SR Equipment, in Toledo, Ohio. "We really have a hard time enforcing policies there. We have a policy but no real way to audit [users] except basically asking them to comply."
The problem is both social and technical, experts say. For one, users on home machines behave differently, even if they're accessing work assets and if policies are in place. They tend to disable security when they can and tend to want more control over security.
It's a hard-to-define behavioral issue, one expert said.
"Technology will solve less than half this problem," said Fred Rica, a partner in the technology risk services practice at PricewaterhouseCoopers. "The other portion is working with people's behavior, and I'm not sure anyone knows how to do that with telecommuters yet."
On the technical side, the rise of always-on connections such as DSL (Digital Subscriber Line) and cable at home means users will tend to leave connections open more. Without a personal firewall, such a computer is a gaping hole for an enterprise.
