For the last couple of years at work I've been part of "Beyond Corp", a programme to
Re-architect corporate services to remove any privileges associated with having a corporate network address.
Doing this at a large, 15-year-old company with an extensive legacy IT infrastructure is hard. It's been interesting.
Earlier this month, my colleagues Jan Monsch and Harald Wagener presented a talk about the programme at LISA '13. It's a detailed overview of our background, vision and architecture, along with a discussion of challenges we've met along the way. I had planned to present, but family life intervened and Harald heroically stepped in. :o)
It's a great talk; strongly recommended to anyone with an interest in modern security and management of large, mobile client networks.