* [Blog](https://www.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www.paloaltonetworks.com/blog/corporate/)
* [Firewall](https://www.paloaltonetworks.com/blog/category/firewall/)
* Fresh Perspectives on Con...

# Fresh Perspectives on Consumerization and BYOD -- Part 2

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2012%2F04%2Ffresh-perspectives-on-consumerization-and-byod-%25e2%2580%2593-part-2%2F)  
[](https://twitter.com/share?text=Fresh+Perspectives+on+Consumerization+and+BYOD+%E2%80%93+Part+2&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2012%2F04%2Ffresh-perspectives-on-consumerization-and-byod-%25e2%2580%2593-part-2%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2012%2F04%2Ffresh-perspectives-on-consumerization-and-byod-%25e2%2580%2593-part-2%2F&title=Fresh+Perspectives+on+Consumerization+and+BYOD+%E2%80%93+Part+2&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/2012/04/fresh-perspectives-on-consumerization-and-byod-%e2%80%93-part-2/&ts=markdown)  
\[\](mailto:?subject=Fresh Perspectives on Consumerization and BYOD – Part 2)  
Link copied  
By [Brian Tokuyoshi](https://www.paloaltonetworks.com/blog/author/brian/?ts=markdown "Posts by Brian Tokuyoshi")  
Apr 04, 2012  
6 minutes  
[Firewall](https://www.paloaltonetworks.com/blog/category/firewall/?ts=markdown)  
[BYOD](https://www.paloaltonetworks.com/blog/tag/byod/?ts=markdown)  
[consumerization](https://www.paloaltonetworks.com/blog/tag/consumerization/?ts=markdown)  
[Firewall](https://www.paloaltonetworks.com/blog/tag/firewall/?ts=markdown)  
[Mobility](https://www.paloaltonetworks.com/blog/tag/mobility/?ts=markdown)

**Fresh Perspectives on Consumerization and BYOD -- Part 2**

*This is the second of a three-part blog series exploring the issues and challenges with consumerization and BYOD. [Part 1 is available here](https://www.paloaltonetworks.com/researchcenter/2012/03/fresh-perspectives-on-consumerization-and-byod-part-1/?ts=markdown). This blog entry will explore the role of the network in addressing unmanaged devices.*

"Why do I need Mobile Device Management?", said the man sitting across the table from me.

I recently spent some time with one of our customers, and the director of network security opened the meeting in that manner. At first, I thought he was asking me a question, and I started to talk about the important role that Mobile Device Management plays with respect to managed device policy, and how that integrates with the Palo Alto Networks firewall. However, I later realized that he was opening a discussion to talk about his perspectives on BYOD.

We started talking about how there's a general belief that consumerization and BYOD are a device proliferation problem that needs to be controlled. As we talked, we both agree that the heart of the matter, the real issue is dealing with unmanaged devices, and that's a network control problem.

"The problem with BYOD is that the company doesn't have any control over what users do with their own devices. That means you can't count on the user installing anything to bring it under management", the customer said. "I can't control what users do, but I control the network, and that's where I'm going to tackle the problem."

We got into a discussion about network access control (NAC), and its use cases. NAC can restrict what devices get on a network, but is that a good way to tackle BYOD and unmanaged devices? The tough part isn't blocking what doesn't belong, but managing what should be allowed. NAC works best when you have a closed, static environment with company-owned devices. Under these conditions, it's relatively easy to define what devices should be plugged in. A company that has hundreds of retail stores may have a standard set of equipment at each location. For example, each store might have 3 cash registers, 3 point of sale devices, one PC for the manager's office, and 2 Internet kiosks. The employees may change over time, but the equipment doesn't. NAC can make sure these are the only devices running at the store, and no BYOD issues crop up because nothing else should be brought online. The challenge with NAC is handling variety, and corporate network is a much different story than the retail environment. At headquarters, there's a broader landscape of users, applications and devices, and it can get very tricky very quickly trying to manage what's what.

The next-generation firewall realigns expectations about how to build appropriate controls in the network. Because the next-generation firewall is application aware, it can determine which traffic may pass and which may not. In the BYOD scenario, a general purpose policy might allow access to low-value applications (such as the cafeteria menu) and restrict access to sensitive applications (such as the customer database). The firewall also links network policy to users and groups, ensuring that only the right users can reach permitted applications. These principles help organizations determine what should be allowed before ever getting into myriad of use case issues that arise out of identifying the things that don't belong.

Upon reflection, these are precisely the issues that's needed for tackling the unmanaged device scenario. It's the applications and users that count, and it's the network that's the point of control. The device may be the issue, but it's the network that needs the solution. The foundation for security starts with knowing who the users are and what application they are accessing, and that should be in place regardless of what device is in use. With good knowledge of the user and the application, more granular controls can address the devices. Is an employee using a corporate laptop that's up to spec? Is an employee using a non-recognized device? Address the specific conditions once it's determined that the user's allowed to access the application in the first place.

During my conversation with the customer, this was precisely the line of thought that he was going through. Although he originally purchased Palo Alto Networks firewalls to replace his legacy firewalls at the perimeter and in the data center, it provides the foundation for what's needed to tackle the BYOD issues that he was seeing. IT can permit an accountant access to financial applications from a corporate laptop with assurance that the endpoint has proper data protection measures installed. The same user accessing the same application from a personally-owned iPad may have restricted access, such as a path through remote desktop. From the remote desktop session, the user can access the application but cannot download the data locally to the device. An unknown user with an unknown iPad would see a captive portal that requires authentication before any access is allowed, and then appropriate application policies can be enforced.

With the next-generation firewall at the network perimeter, an organization can enforce controls over employee owned devices between security zones, such as from the corporate LAN to the Internet. A user might be allowed to use their personal iPad to access the web, while the firewall enforces content control policies to block undesirable browsing behavior according to company policy. In addition, an organization can tackle the issue of how to address employee-owned devices that are being used externally by implementing GlobalProtect for safe access back to the corporate network.

With these fundamental controls in place in the network, it's much easier to apply a variety of additional technologies to make a BYOD strategy even more effective. Back to the customer's original question, mobile device management pairs quite nicely to all of the controls listed above. Taking the data center example, the authorized user with the unmanaged device would have very limited access to the environment, and the unknown user would have none at all. With Mobile Device Management, an organization could provide the options for greater access after the proper controls for device policy are in place, such as PIN enforcement, lockout and remote wipe. For example, a user that wants greater access from a personally owned device might choose to install a mobile device management profile. As mentioned before, there's no way to force users what to do with their personal devices, but with the next-generation firewall securing the network, an organization can govern the amount of access from an unmanaged device. The users can choose to switch from unmanaged to managed in order to gain even more functionality. It's a win-win because company gets control over risk without unnecessary administrative headaches, and employees get access through their favorite device.

We covered a lot of important topics in that meeting, and I think the customer is exactly right. The network is the place to enforce control, whether it's a matter of dealing with applications, users or in this case, devices. In Part III of this series, we'll cover the specifics on how the next-generation firewall applies these concepts.

*** ** * ** ***

## Related Blogs

### [Firewall](https://www.paloaltonetworks.com/blog/category/firewall/?ts=markdown), [Government](https://www.paloaltonetworks.com/blog/category/government/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### PAN-OS 8.1: SSL Decryption Broker for Federal Government](https://www.paloaltonetworks.com/blog/2018/03/gov-pan-os-8-1-ssl-decryption-broker-federal-government/)

### [Cloud NGFW](https://www.paloaltonetworks.com/blog/network-security/category/cloud-ngfw/?ts=markdown), [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown), [Firewall](https://www.paloaltonetworks.com/blog/category/firewall/?ts=markdown)

[#### Modernizing Security on AWS: From Firewall Ops to Security Intent](https://www.paloaltonetworks.com/blog/network-security/modernizing-security-on-aws-from-firewall-ops-to-security-intent/)

### [Firewall](https://www.paloaltonetworks.com/blog/category/firewall/?ts=markdown), [Strata Network Security Platform](https://www.paloaltonetworks.com/blog/network-security/category/strata-network-security-platform/?ts=markdown), [Zero Trust Security](https://www.paloaltonetworks.com/blog/network-security/category/zero-trust-security/?ts=markdown)

[#### Powering the AI Enterprise with New Software Firewall Capabilities](https://www.paloaltonetworks.com/blog/network-security/powering-the-ai-enterprise-with-new-software-firewall-capabilities/)

### [AI Application Security](https://www.paloaltonetworks.com/blog/network-security/category/ai-application-security/?ts=markdown), [AI Governance](https://www.paloaltonetworks.com/blog/category/ai-governance/?ts=markdown), [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Firewall](https://www.paloaltonetworks.com/blog/category/firewall/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Palo Alto Networks Announces Support for NVIDIA Enterprise AI Factory](https://www.paloaltonetworks.com/blog/2026/01/support-nvidia-enterprise-ai-factory/)

### [5G Security](https://www.paloaltonetworks.com/blog/network-security/category/5g-security/?ts=markdown), [Firewall](https://www.paloaltonetworks.com/blog/category/firewall/?ts=markdown), [IoT Security](https://www.paloaltonetworks.com/blog/network-security/category/iot-security/?ts=markdown)

[#### Protecting the Utility Grid's Digital Ecosystem, from Core to Edge to AI](https://www.paloaltonetworks.com/blog/network-security/protecting-the-utility-grid-digital-ecosystem-from-core-to-edge-to-ai/)

### [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown), [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Endpoint](https://www.paloaltonetworks.com/blog/category/endpoint-2/?ts=markdown), [Event](https://www.paloaltonetworks.com/blog/category/event/?ts=markdown), [Firewall](https://www.paloaltonetworks.com/blog/category/firewall/?ts=markdown), [Non categorizzato](https://www.paloaltonetworks.com/blog/category/non-categorizzato/?ts=markdown)

[#### See How We're Fortifying Cloud and AI at AWS re:Inforce 2025](https://www.paloaltonetworks.com/blog/2025/06/fortifying-cloud-ai-aws-reinforce/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language