Executives at many large companies are ignoring internal IT policies by bringing their own devices to work, often to the detriment of corporate security, says David Cannon, enterprise offering leader at IBM.
"Executives often think of themselves as above the law when it comes to IT policy," says Cannon.
"And depending on the company, sometimes they are, and the IT teams just have to adapt."
Speaking over breakfast before presenting an IBM sponsored seminar on mobile security, Cannon gave Computerworld an example of a prominent banking executive who had won an iPhone at an event, and demanded his IT team synchronise it with the bank's BlackBerry Enterprise Server. Until then, the executive would forward business emails to his unsecured personal Gmail account so he could retrieve them on his new iPhone.
Cannon says most large companies have not kept up with the speed of change in the mobile space, and do not have specific policies regarding mobile working.
He adds that while it is refreshing to see enthusiasm for technology coming from the top down, IT managers need to be careful to set the best policy for their systems.
"Often we are finding IT is being dictated IT policy by other staff, when it really should be the other way around," says Cannon.
Dennis O'Shea, CEO of Mobile Mentor, who also spoke at the seminar, recommends that every CIO and IT manager has a BYO technology policy in place by the New Year.
The former director of Nokia New Zealand, says there will be a demand for BYO devices as employees snap up reduced price smartphones and tablets over the Christmas period.
"At this point smartphones are often just as cheap as feature phones," says O'Shea. "Employees are going to expect to be able to do their work on these devices."
He says while malware is always a risk, the greatest threat to an organisation is generally through user carelessness and data loss, and says any BYO policy should address this.
"What I recommend to my clients is their policy meets their employees somewhere in the middle," says O'Shea.
"Let them bring in their own devices but you manage it and maintain security. You should always be able to go in and make a backup of important information, or remotely wipe the entire phone if you need to."
Sign up for CIO Asia eNewsletters.