Why RTO Mandates Overlook IT’s Real Challenge, and How Device-Agnostic Security Powers Modern Work

Return-to-office (RTO) mandates may be driving headlines, but they overlook IT’s real challenge.

Even in companies pushing for more in-office time, work remains inherently distributed.

Contractors and freelancers still work remotely, offshore teams operate across time zones, and employees continue to log in from home, airports, hotels – and on a myriad of devices including personal laptops.

Optimizing IT strategy around physical presence in an office does not reflect how work is actually done today. Even in organizations increasing in-office time, work remains incredibly dynamic – not only in who does it and where, but across a variety of on-premises and cloud applications, AI tools, and more.

Employees may be coming back to the office more often, but the core IT problem has not changed: company data still needs to be secured across distributed environments and devices the business does not fully control.

The Workforce Has Already Changed – Permanently

Modern organizations are relying more heavily on contractors, consultants, offshore teams, BPO partners, and other contingent workers to build a more flexible and cost-efficient workforce. By shifting away from a fully employee-based model, businesses can scale faster, tap into specialized talent, and reduce the overhead tied to full-time hiring.

In fact, organizations can save roughly 30% by hiring contingent workers instead of full-time employees – presumably why these workers now make up about 40% of the U.S. workforce.

Additionally, for full-time employees, RTO has not meant a clearly defined 9-5 workday. Even companies pushing RTO mandates expect their employees to answer a Slack message while on vacation or make sure a campaign launches on time. In practice, that means workers are using personal or unmanaged devices to get things done – and putting company data at risk.

IT is Caught in the Squeeze: Enable Agility, but Maintain Security

IT leaders are being asked to keep pace with the evolving needs of the business. They are expected to enable global hiring, support secure AI adoption, keep up with SaaS sprawl, maintain security and compliance, and cut costs – and do all of it with minimal delay. This is where the legacy compute model begins to show its age.

The traditional solution for enabling all workers was to ship a corporate laptop and lock it down. It’s a model that made sense when most employees worked in one office, on one network, using a handful of approved applications – but that’s no longer the case.

Shipping hardware is expensive and logistically complex, delays onboarding, and becomes an asset management burden that scales poorly across distributed workforces. And securing access to work apps and data with legacy models like virtual desktops (VDI and DaaS) brings its own baggage: infrastructure overhead, licensing costs, and latency complaints.

The reality is that centralization doesn’t guarantee control anymore. In many cases, it just shifts the complexity somewhere more expensive.

The Real Shift: From Protecting Endpoints to Protecting Work

So what does a better model look like?

The answer is not to take over every device that touches company data. It is to secure the work itself – the business applications and sensitive data that matter most.

For years, IT security was built around controlling the endpoint. But in a world of contractors, offshore teams, BYOD programs, and hybrid work, that model is increasingly difficult to scale and costly to maintain. A more modern approach protects the work environment directly: enforcing policy inside a secure workspace, keeping corporate data separate from personal use, and allowing applications to run locally without requiring IT to manage the full device. In many cases, that eliminates the need to provision and secure a separate corporate laptop.

Secure enclave technology is one example of this shift. It creates a company-controlled workspace on any unmanaged or personal device, where data stays encrypted and security policies remain in force.

This reflects a broader evolution in enterprise security: from endpoint-centric control to work-centric protection. When the workforce is distributed and devices are diverse, the most effective boundary is no longer the device itself. It is the work.

IT as the Enabler, Not the Bottleneck

The organizations that will thrive in the next phase of work won’t be the ones that enforced the strictest badge-in policies. They’ll be the ones that built security architectures flexible enough to say yes – to global hiring, to BYOD, to AI tools, to hybrid schedules – without inheriting the cost and complexity of legacy models.

RTO mandates may keep making headlines, but for IT leaders, the real question was never about where people work. It’s about how you secure what they do, on whatever device they’re doing it from.

David Matalon: