Re:And this is new? (Score 1)

I would agree. Its not new and covered well. How ever I am of the opinion that it not so much malicious employees (though there are plenty) but laziness. Keeping security requires a degree of adhering to protocol and inconvenience. If the all rules aren't enforced on people they will break them. Take your typical vpn client deployed to an employees work laptop or home pc. Now add in all the crud they run on their home pc/laptop and all the rules they will not follow. Once the pc is infiltrated they got a straigh path into the network. So much for vpn's they effectively extend your 'secure' network into the most unkept areas of control.