If they had planned three years ago, the amount of information flowing through [the Internet] today, it's much broader than what the most optimistic analyst would have thought of.
How should companies be creating policies for BYOD?
From a role based and location based approach. What role do you have? If you're a sales manager, what can you access? If you're an accounts manager, what can you access? It's role based. Another thing is having the intelligence in knowing where they are accessing the device from, how secure is my device when going through the wireless network, of say, a café. It's about what I can access and what I cannot access.
You described BYOD as "A wave that the CIO is trying to hold back but cannot". Do you think it's possible for CIOs to get this under control?
You can't hold it back; you need to manage the change. The key thing that has happened with the consumerisation of IT is that users used to have very little influence on the IT decisions. The pressure for the CIO is coming from the top, from the CEO, the CFO and the CMO who are getting their own gadgets and demand to be able to use them for work. That has been one of the key challenges for the CIO; it's hard to push down BYOD when it's coming from the top.
So if there are things that the CIOs can do, it is learning the best practices, sharing with other IT managers, having very strategic discussions with hardware and software vendors in terms of vision and planning the roadmap in terms of innovation.
It's about embracing the change, because it happens. And which part of your organisation to address it first.
Sign up for CIO Asia eNewsletters.