I'm sitting at a car dealership right now. While my car is being worked on, they've courteously provided me with a desk and an Ethernet cable. Seems like a good idea. This way, I'm not totally unproductive while my car is out of commission. I can't help, however, thinking of this from the perspective of IT security. There was a time when a corporate IT team could reasonably believe that they had control (in some measure) over the hosts for which they were responsible. In a world where access is available everywhere, and many employees carry laptops, that control isn't even an illusion any more.
The possibility of an unstructured compromise (virus/malware) is obvious in these public scenarios. All it takes is a single infected laptop and another vulnerable host. That's the obvious concern. Less obvious is the increased feasibility of structured, intentional compromise. If I, as an attacker, have identified an intended target, I can more easily launch an attack in a public location. If I find out that my target frequents a particular Starbucks, or has an open WAP at home, there is no need to obtain access to the corporate infrastructure to achieve a compromise.
It's not that this increased threat isn't understood by the InfoSec community; it's that it isn't understood by the average user. The ability to effectively manage the vulnerabilities on each host while it is within the corporate IT infrastructure is even more important when that host will inevitably leave that protective environment.
Comments (2)
"In a world where access is available everywhere, and many employees carry laptops, that control isn't even an illusion any more."
Yeah, right, just come here to Argentina :)
Posted by gu | May 19, 2005 12:11 PM
Heh. My apologies for using the term 'world' a little too loosely.
Posted by terlin | May 19, 2005 12:19 PM