With BYOD (Bring Your Own Disaster Device at the workplace) gaining traction, there is no point in having three sets of users / user machines (internal, external and the DMZ plus spaghetti policy exceptions). You only have external users and the DMZ.
Internal users and insider threats “do not exist”. It makes life simpler and you get rid of hybrid characterizations for consultants and outsourcers…
Managing organized complexity 