Just saw this today on LifeHacker:
Bypass Network Blocks with Remote Desktop
"In a world of virtual communication, having personal email, Twitter, and access to blogs, etc is critical and necessary for many of us. Therefore, it becomes a nuisance when our employers block us from the sites that we love and hold so close to our virtual-loving-hearts." [. . .] "I recommend this for anyone who has that tight network administrator who has blocked all your favorite sites."

This isn't the first time I've seen bypass the firewall articles, nor is it even the most technically adept (most networks would block tcp/3389 inbound and outbound).  However, I think the language of the article speaks directly to the attitudes of the "digital natives" generation.  People, used to near-ubiquitous connectivity, are willing to bypass restrictions (and rules!) to get their Internet fix.  The following are some ideas for addressing this trend.

It is nearly impossible to stop a determined person from bypassing your network restrictions.  Even taken to the extreme - wire cutters to the Internet connection - consumer technology still provides ways of access such as 3G wireless, WiFi hotspots, and mobile devices.

Businesses should consider this as a possible consequence of building gates that at least some employees will go around.  Instead, it may be better to allow the access (where it doesn't introduce liability), while funneling it through appropriate filtering, antivirus, intrusion detection/prevention, and data loss prevention.  By allowing (and inspecting!) 80% of the traffic, you may just be able to retain the ability to block the 20% that is undesirable.  By decreasing the disruption, you actually increase your level of control and visibility.

This does not mean it is not also necessary to also put controls in place to restrict "going around the gate".  For example, you should consider enforcing use of VPN - and disabling split tunneling -  for any connection other than the official business network.  In many cases it's also not necessary to present clients a default route that points to the Internet.  If all Internet traffic goes through application proxy servers, you gain a lot of control over Internet traffic and have a better chance of preventing tunneling.