The study also found 34 per cent of Australian organisations enforce a ban on BYOA. However, another 14 per cent disallowing BYOA admitted they knew their employees downloaded applications anyway.
"There may be prudent reasons for organisations to put a stop to it, but I recommend communicating those rather than banning it outright," says Gedda. "You can ban Gmail if you want to, but you have to ask why people are using it in the first place."
Several CIOs agree communication about acceptable use of mobile apps is important. The TGA uses daily messaging, brown bag lunches and one-on-one sessions to explain its policies and how to use available mobile tools, Bickerton says. In addition, the government agency has a small, informal user group that discusses ways to be more productive in the workplace, including app recommendations.
Forrest says communication with mobile users is critical to keeping CASA data secure.
"We've tried to be as open as we possibly can in trying to engage with the relevant mobile users to understand their needs and to educate them on the risk that are taken in terms of downloading apps on the personal side of the device that they might want to use for CASA purposes," he says.
Prentice advises against a "default/deny" method that bans everything except apps on an approved whitelist. A better approach is to blacklist a small set of apps and allow the rest.
"You're granting your employees rights to be able to do these things, you connect it with responsibilities, and what you do is you monitor and you audit to make sure those are being adhered to," he says.
Prentice warns organisations exerting too much control over what apps can be used risk angering employees, while Forrest says banning certain apps and allowing others misses the point.
"The best way to enable BYOA would be to allow it in full," says the CIO. "If you have a blacklist or a whitelist, then that really takes away from the innovation BYOA is trying to bring."
Enterprise app store
Several organisations have set up enterprise app stores to take control of the software downloaded and installed on users' mobile devices. This self-service model allows employees to download a select list of apps chosen by the organisation.
Coca-Cola Amatil has set up an app store featuring both internally developed apps and a selection of recommended personal apps. The store is now about one year-old.
"We don't lock anything down on the tablet devices out in the field, so people can choose," Simpson says. "But what we find is, by having that central app store with recommended apps based on feedback from the people in the business, most people will adopt those as best practice."
Sign up for CIO Asia eNewsletters.