BYOD has matured into a method for a shared investment by the company and its employees for second-tier usage, at least at the corporate level. Employees get help with the high cost of data plans this way, and perhaps can afford to get better mobile devices that they use at least as much for personal benefit as for business purposes. It's a win-win that wasn't technically possible before the mobile management vendors saw the opportunity that BYOD provided.
Today, a company or IT department wrestling over whether to support BYOD — or even how — is demonstrating how out of touch it is. Or how it's obsessed with a "get over it" premise. A vendor using BYOD today as a way to sell its services — especially from a fear-based premise — is one that is either clueless or craven.
Whether or not you want to admit it, you have employees who are using their own devices (mobile devices, home PCs, and so on), services, and apps. You can pretend they aren't doing so and create for yourself and your executive management a false sense of security and compliance. You can invest real money and time trying to ferret out these "shadow IT" villains. Or you can get real.
You need a security and compliance strategy that is independent of specific technology, even if you fancy yourself a Windows shop, an SAP shop, or whatever. Policy is where you should start, in terms of access to both networks and content. Once you've done that, you worry about having the right tools to manage, enforce, and validate policy compliance on the heterogeneous clients employees will have, regardless of who bought them. If something is suspect, don't allow access from it.
It really is that simple. Sure, the execution can be complex depending on the stringency of your legitimate needs, but if you start from these core principles, you'll have a good shot at meeting your needs. You may even (re)gain the trust of your employees to do truly great things together. Make these part of your IT resolutions for 2014.
Sign up for CIO Asia eNewsletters.