I participated in a brief discussion on Twitter regarding the Podesta email breach. I blame the DNC for the breach.
Clinton and Podesta were functionally using shadow IT. There really isn’t any excuse for not detecting it. So then what? Do you declare it unsupported or assess the risk and implement compensating controls?
How expensive is monitoring for a few dozen extra email addresses on HaveIBeenPwned?
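As an added example of that compensating control (my code, not the author's), here is a small monitor that checks a list of VIP personal addresses against the Have I Been Pwned v3 breached-account API and reports only exposures not seen on a previous run. It assumes an HIBP API key in the `HIBP_API_KEY` environment variable and a list of addresses the organization is entitled to query; the addresses, breach names and canned responses below are constructed for offline use, and the HTTP transport is injectable so the logic can be exercised without network access.

```python
"""Added example (not from the original post): periodic check of a small
list of VIP personal addresses against the Have I Been Pwned v3 API.

Assumptions (not stated on the page): an HIBP API key is available in the
HIBP_API_KEY environment variable, and the organization is entitled to
query these addresses. The HTTP transport is injectable so the logic can
be exercised offline with a stub.
"""
import json
import os
import time
import urllib.error
import urllib.parse
import urllib.request

HIBP_URL = "https://haveibeenpwned.com/api/v3/breachedaccount/"


def hibp_fetch(address, api_key, user_agent="vip-breach-monitor"):
    """Real transport: returns (status_code, body_text).
    HIBP answers 404 when the address is in no known breach."""
    url = HIBP_URL + urllib.parse.quote(address)
    req = urllib.request.Request(
        url, headers={"hibp-api-key": api_key, "user-agent": user_agent})
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return resp.status, resp.read().decode("utf-8")
    except urllib.error.HTTPError as e:
        return e.code, e.read().decode("utf-8", "replace")


def check_addresses(addresses, fetch, max_retries=3, backoff=1.0, pause=0.0):
    """Return {address: sorted breach names} for every address seen in a breach.

    fetch(address) -> (status, body). 404 = clean, 200 = JSON list of breaches,
    429 = rate limited (retry with exponential backoff); anything else is an error.
    """
    report = {}
    for addr in addresses:
        for attempt in range(max_retries):
            status, body = fetch(addr)
            if status == 404:
                break
            if status == 200:
                report[addr] = sorted(b["Name"] for b in json.loads(body))
                break
            if status == 429:
                time.sleep(backoff * (2 ** attempt))  # HIBP asks clients to back off
                continue
            raise RuntimeError(f"unexpected HTTP {status} for {addr}")
        else:
            raise RuntimeError(f"rate limited {max_retries} times for {addr}")
        time.sleep(pause)  # be polite between addresses on the real API
    return report


def new_exposures(previous, current):
    """Diff two reports: breach names present now that were not seen before."""
    delta = {}
    for addr, names in current.items():
        fresh = sorted(set(names) - set(previous.get(addr, [])))
        if fresh:
            delta[addr] = fresh
    return delta


# Constructed sample responses (not real HIBP data) for offline use.
SAMPLE_RESPONSES = {
    "vip.one@example.com": (200, json.dumps([
        {"Name": "SampleRetailerLeak", "BreachDate": "2015-01-01"},
        {"Name": "ExampleForumDump", "BreachDate": "2014-06-01"},
    ])),
    "vip.two@example.com": (404, ""),
}


def make_stub_fetch(responses, rate_limit_first=()):
    """Offline transport; answers 429 once for addresses in rate_limit_first."""
    calls = {}

    def fetch(addr):
        n = calls.get(addr, 0)
        calls[addr] = n + 1
        if addr in rate_limit_first and n == 0:
            return 429, '{"message": "rate limited"}'
        return responses.get(addr, (404, ""))
    return fetch


if __name__ == "__main__":
    addrs = ["vip.one@example.com", "vip.two@example.com"]
    key = os.environ.get("HIBP_API_KEY")
    if key:
        fetch, pause = (lambda a: hibp_fetch(a, key)), 1.6
    else:
        fetch, pause = make_stub_fetch(SAMPLE_RESPONSES, {"vip.two@example.com"}), 0.0
    previous = {}  # in practice, load the last run's report from disk
    current = check_addresses(addrs, fetch, backoff=0.0, pause=pause)
    for addr, names in new_exposures(previous, current).items():
        print(f"NEW exposure for {addr}: {', '.join(names)}")
```

Persist the report between runs and run it from cron; alerting only on the `new_exposures` diff keeps the noise down to something an assistant or security contact can act on.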
These folks already have administrative assistants and likely physical security details. If your organization is willing to spend those resources, why can’t you spend some resources assisting with the secure configuration of personal devices?
To take it a step further, give them a SOHO router that IT remotely manages. You can decide how comfortable the VIP and the organization are with the relationship. Are you just doing secure configuration? You can throw OpenDNS on it for 'blind' basic security.
In a Cisco environment, you can hand out 881 devices that automatically VPN back. The VIP can take home a hardware VoIP phone. You can provision dedicated wireless for the VIP devices. The person won't even have to worry about VPN in their home office.