* [Blog](https://www.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www.paloaltonetworks.com/blog/corporate/)
* [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/)
* Fresh Perspectives on Con...

# Fresh Perspectives on Consumerization and BYOD - Part 3

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2012%2F05%2Ffresh-perspectives-on-consumerization-and-byod-part%2F)  
[](https://twitter.com/share?text=Fresh+Perspectives+on+Consumerization+and+BYOD+-+Part+3&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2012%2F05%2Ffresh-perspectives-on-consumerization-and-byod-part%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2012%2F05%2Ffresh-perspectives-on-consumerization-and-byod-part%2F&title=Fresh+Perspectives+on+Consumerization+and+BYOD+-+Part+3&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/2012/05/fresh-perspectives-on-consumerization-and-byod-part/&ts=markdown)  
\[\](mailto:?subject=Fresh Perspectives on Consumerization and BYOD - Part 3)  
Link copied  
By [Brian Tokuyoshi](https://www.paloaltonetworks.com/blog/author/brian/?ts=markdown "Posts by Brian Tokuyoshi")  
May 11, 2012  
5 minutes  
[Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)  
[BYOD](https://www.paloaltonetworks.com/blog/tag/byod/?ts=markdown)  
[consumerization](https://www.paloaltonetworks.com/blog/tag/consumerization/?ts=markdown)  
[Mobility](https://www.paloaltonetworks.com/blog/tag/mobility/?ts=markdown)

This is the third of a three-part blog series exploring the issues and challenges with consumerization and BYOD. In [part 1](https://www.paloaltonetworks.com/blog/2012/03/fresh-perspectives-on-consumerization-and-byod-part-1/?ts=markdown) of this series, we examined the challenge of dealing with the scope and diversity of consumerization. In [part 2](https://www.paloaltonetworks.com/blog/2012/04/fresh-perspectives-on-consumerization-and-byod-%e2%80%93-part-2/?ts=markdown) of this series, we took a closer look at why the network plays such an important role in making an effective strategy. In this segment, let's take a closer look at how the next-generation firewall provides the means to assert control.

It's clear that the network is the right place for IT to enforce control between applications and users, and that's true regardless of what device is being used. What the traditional network lacks, however, is the control structure to address applications, users or devices as policy criteria. For example, the legacy firewall can't make the determination of what applications, users and devices are on the network, even though it is in the right location for enforcement. A VPN might know who wants access to a network after asserting authentication credentials, but it has no idea how to tie identity to the firewall's enforcement of what traffic may pass. Device identification and blocking methods range from the ineffective (such as MAC address filtering) to the impractical (such as network access control). And some controls for handling consumerization, such as identifying whether an application is being accessed from an IT managed asset (and thus permitted to locally store application data), are not addressed by any traditional network security product.

The next-generation firewall takes a fundamentally different approach towards traffic classification and policy enforcement. Using App-ID, User-ID and Content-ID as its core technologies, the next-generation firewall provides visibility and control in a manner not found in any combination of existing traditional network security products. To understand how this enforcement is possible, let's revisit the scenario from the previous article, namely a company wants to protect a financial application in the data center, restricting access to accounting employees using an IT-managed endpoint. In addition, in order to reduce the risk of data breaches, the organization wants to make sure that this class of applications is only accessed from a managed, corporate-imaged endpoint with disk encryption, operating system patches, and up-to-date endpoint security signatures.

All of this can be done in a single policy in the next-generation firewall. That's because that the next-generation firewall is using App-ID for application traffic identification rather than blindly trusting port assignments. It identifies the application traffic itself, rather than the port it uses, and as such, it can zero in on letting the specific financial application through while stopping the traffic that does not belong. With User-ID, the firewall policy incorporates users or group information from a corporate directory to determine who is a part of the accounting organization. Content-ID can check for the flow of inappropriate data (using a regular expression or predefined pattern matches for personally identifiable information) and stop dangerous or inappropriate traffic, such as malware.

GlobalProtect adds two important capabilities to address the dramatic impact that consumerization has on mobile computing. First, GlobalProtect provides the capabilities for endpoints and mobile devices to connect to the next generation firewall from anywhere. This combination provides both remote access and network security, ensuring that the firewall provides consistent enforcement of policy whether the user is on the local LAN or on the road. More specifically, location now becomes a policy enforceable element as well, allowing an organization to specify whether there are additional restrictions in place for external users. GlobalProtect has an extensive set of remote access capabilities that I'll cover more in depth in a future blog post.

The second component added by GlobalProtect is the ability to use the state of the endpoint when evaluating firewall policy, whether connecting from an internal or external location. The client checks for the presence and state of various security features, and generates a Host Information Profile (HIP). The next-generation firewall uses this information as part of the policy evaluation. Going back to our example, this allows an organization to check for the presence of valid user on a properly managed endpoint before allowing network access to the application in the data center.

[](https://www.paloaltonetworks.com/blog/2012/05/fresh-perspectives-on-consumerization-and-byod-part/screenshot/?ts=markdown)  
[![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2012/05/screenshot-500x220.png "HIP Policy")](https://www.paloaltonetworks.com/blog/2012/05/fresh-perspectives-on-consumerization-and-byod-part/screenshot/?ts=markdown)

GlobalProtect pairs nicely with mobile device management (MDM) solutions from our partners, which include [MobileIron](http://media.paloaltonetworks.com/documents/mobileiron.pdf) and [Zenprise](http://media.paloaltonetworks.com/documents/zenprise.pdf). MDM can bring an unmanaged device to a managed state, and in the process, establish connectivity to GlobalProtect through the installation of an authentication certificate. If you want to learn more, [MobileIron has a video](http://www.youtube.com/watch?v=jNczuIvPLDM) that's available to illustrate how the next-generation firewall works together with its mobile device management platform.

That concludes the three part series on the role of the next-generation firewall as it pertains to the issues of consumerization and BYOD, but consider this more of the starting point rather than the end. There's still a lot more to talk about, on both policy, process, and tech, and I'll be writing more about these topics in upcoming blog entries. In the meantime, if you're interested in learning more about the impacts of consumerization, check out the webcast "[Coming to Grips with Consumerization](http://connect.paloaltonetworks.com/download-longform?doc_id=57)" with Nir Zuk and Rich Mogull.

*** ** * ** ***

## Related Blogs

### [AI and Cybersecurity](https://www.paloaltonetworks.com/blog/security-operations/category/ai-and-cybersecurity/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)

[#### Ransomware Attacks: Why Your Endpoint Protection Can't Keep Up](https://www.paloaltonetworks.com/blog/security-operations/ransomware-attacks-why-your-endpoint-protection-cant-keep-up/)

### [AI and Cybersecurity](https://www.paloaltonetworks.com/blog/security-operations/category/ai-and-cybersecurity/?ts=markdown), [Automation of the Week](https://www.paloaltonetworks.com/blog/security-operations/category/automation-of-the-week/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)

[#### A Day in the Life with Your AgentiX Automation Engineer Agent](https://www.paloaltonetworks.com/blog/security-operations/a-day-in-the-life-with-your-agentix-automation-engineer-agent/)

### [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)

[#### Beyond the Cloud Dashboard: Exposure Management Requires Full-Scope Visibility and Real Action](https://www.paloaltonetworks.com/blog/security-operations/beyond-the-cloud-dashboard-exposure-management-requires-full-scope-visibility-and-real-action/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)

[#### From ILOVEYOU to AI Defenders -- 25 Years of Email Evolution](https://www.paloaltonetworks.com/blog/security-operations/from-iloveyou-to-ai-defenders-25-years-of-email-evolution/)

### [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)

[#### The 3Cs of AI Red Teaming: Comprehensive, Contextual \& Continuous](https://www.paloaltonetworks.com/blog/network-security/the-3cs-of-ai-red-teaming-comprehensive-contextual-continuous/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)

[#### Securing Shadow AI with Cortex Xpanse](https://www.paloaltonetworks.com/blog/security-operations/securing-shadow-ai-with-cortex-xpanse/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language