"Absolutely, there are some that say, 'The [low] risk isn't worth the investment today for us,'" says Shields. This anything-goes-type approach is what the bulk of small businesses do these days, and he said that in most cases, the company either provides a device or allows BYOD, pays the bill, and lets users go on their way.
In some cases, however, the approach of completely passing on an MDM solution isn't always acceptable to the companies' partners. Lingenfelter also says that he's heard of small companies that have opted to go with no solution at all, usually because they don't have any IT within the company and they subsequently have no infrastructure or centralized email systems. In those cases, the extremely small companies typically trust their employees equally and expect them to "do the right thing," but that sometimes isn't enough for the other companies they work with.
"We've seen some small companies come to us and say that they've gone that route [of not implementing anything]," Lingenfelter says. "But because of their partners, mainly in pharmaceuticals, they're being asked to put something in place because of the nature of the business."
That very sentiment from those outside partners — that using absolutely no kind of solution is not acceptable — is one that Lingenfelter also agrees with.
"If you're not doing any management, you're exposed, whether it's an attack vector or an info leak vector," he says. "For those that are concerned about the latter...they're not going to be a target. But there is plenty of software out there that the end user can install and then will leak data out." There are other concerns too, he adds, like lost devices.
""If you don't have any management over that device, how are you going to wipe it?" Lingenfelter asks. "There are options with Apple and Google to do remote wipes, but did the user set it up? If they didn't, you're out of luck."
Without any sort of management, there is also the risk of the comingling of corporate and personal data. If a device has both a user's personal and business email accounts, it's entirely possible that they may get mixed up and do something like send a business attachment from a personal email address. Regardless of the scenario, though, Lingenfelter insists that risks abound without some sort of solution.
Shields, however, doesn't believe that an MDM-less scenario is quite so doom and gloom. While he admits that there are certainly some risks, he says it often just isn't worth it to smaller companies to make the investment.
"MDM doesn't provide that much security to begin with. It's a management tool," he says. "It does give you wipe and find device features, but it's not a security technology at its core."
Sign up for CIO Asia eNewsletters.