[rejectfinite]

>and refusing to bother with company provided computers

To you and people that do this:

Do you enroll your personal PC in the companies MDM like intune or Jamf?

Do you install their endpoint protection/antivirus/EDR/MDR?

or you just leave it unmanaged?

[bdavbdav]

Was wondering the same thing - going through a tech audit at the moment for ISO and that certainly wouldn’t fly, unless we were able to prove that we effectively treated it like we owned it.

[anonyfox]

Working at companies without strict audits, and previously at bigger corps that had audits we established parallel networks for developers. Either way, BYOD was possible after all.

Also I insist on not having security based on VPN/VPC only, but treat every service as if (and often has) direct internet connections, so devs are _forced_ to think about security from day 1.