Traditionally, IT managers have exhibited tight control over who — and what — is able to access an enterprise’s networks from the outside. Usually that meant mobile workers were forced to use devices provided by their employers to connect to the corporate network via a virtual private network. But that is beginning to change, as field personnel increasingly are insisting that they be allowed to use their personal devices.

There are a couple of very good reasons for that, said Steven Wastie, senior vice president of marketing and strategy for enterprise mobility services provider iPass. “Mobility has reached a tipping point, as price points have come down to the point where most people can afford a smartphone,” Wastie said.

At the same time, mobile workers have become more demanding. “They want to use the devices that will make them more productive,” Wastie said. “They might have a computer at home that’s better than the one they have in the office, so they want to use that. They also want to use the tools that they’re used to using. They don’t want to be mandated to use a particular tool they’ve never used before that might get in the way of them doing their jobs.”

But what’s good for mobile workers isn’t necessarily good for the IT managers who are tasked with keeping them happy and productive. Indeed, having to deal with a plethora of end-user devices has the potential of creating a chaotic environment for an IT manager, according to Wastie.

Consequently, Redwoods, Calif.-based iPass has developed a software suite dubbed Open Mobile Platform that is designed to eliminate the potential for chaos and to give IT managers unprecedented visibility into how mobile workers use those devices in order to create usage parameters that help them control costs.

To eliminate the chaos of dealing with multiple devices and to let devices leverage myriad applications, iPass moved authentication from the network firewall to the point of connection, Wastie said.

“There are applications and corporate resources that sit out there in the cloud, so assuming that everything of interest is within the corporate firewall is no longer reasonable,” he said.

The desire to enable mobile workers to access a wider range of applications was only one of the factors behind moving the control mechanism to the point of connection. Another was the desire to give IT managers better control over the networks that workers can access in the field. Wastie cited the example of a U.S.-based worker on temporary assignment in another part of the world.

“The point of connection no longer can be when the VPN kicks in but rather when you start the session,” he said. “Can this person get access to anything at all? Can he get access to one type of network over another? Because you don’t want exposure to an expensive 3G network when he’s traveling overseas — you want to make sure you push him to a free Wi-Fi network first.

“Users will follow the path of least-resistance. They don’t even think about it — they just decide to use their 3G device overseas and pay whatever it is per megabyte. In some cases, you see those bills aggregate to hundreds of thousands of dollars over the course of a year. It quickly can get out of control. Our platform lets IT managers create policies that prevent users from connecting to a 3G network when they’re outside of their home country.”

iPass re-engineered the platform and the always-on Open Mobile Client that resides on the mobile devices to ensure a positive user experience, largely by simplifying the experience, Wastie said. Most of what happens does so in the background, without the user realizing what is happening, he said.

“They open their laptops, and a few seconds, later they’re connected — it just works,” Wastie said. “Frankly, it’s the best possible user experience you can get.”

The end goal established for the platform can be expressed just as simply, Wastie said.

“We have to be able to provide the ability to get people connected with any device across any network, and give the IT team the ability to control all of that — not in a Big Brother manner, but to be able to take the risk out of it and provide the best possible user experience,” he said.

iPass isn’t the only company working to give better tools in this regard. As contributing writer Lynnette Luna reported last week, wireless local area network provider Aruba Networks recently announced the AirWave 7, the next release of its operations solution for the enterprise that integrates wireless networks, wired infrastructure and client devices from one interface. According to Luna, Aruba said the move comes as mobile-enterprise users connect to networks from a large number of locations via a variety of devices, such as smartphones and laptops.