Working at companies without strict audits, and previously at bigger corps that had audits we established parallel networks for developers. Either way, BYOD was possible after all.
Also I insist on not having security based on VPN/VPC only, but treat every service as if (and often has) direct internet connections, so devs are _forced_ to think about security from day 1.
Also I insist on not having security based on VPN/VPC only, but treat every service as if (and often has) direct internet connections, so devs are _forced_ to think about security from day 1.