Pabst is far from alone in its approach to BYOD. In fact, Aberdeen found more than half of the U.S. companies that allow employees to BYOD set no restrictions on devices. "Look, scream it from the rooftop, we know that mobility gives a real competitive advantage," says Andrew Borg, an analyst at Aberdeen. "But it appears that 'we've gotta go mobile now, we'll figure it out later' appears to be what many organizations are doing."
Borg says there's no reason for companies to take such risks. Aberdeen says that a single compliance lapse could cost a company between $10,600 and $461,699, depending on the number of compliance violations on the device.
Borg and another analysts interviewed for this story acknowledge that we have not seen a major incident with BYOD devices publicized yet. But why be the headline, Borg asks.
The challenge for CISOs is palpable. For one thing, it's hard to keep up with best practices, says Adam T. Shapiro, Chief Technology Officer of Breakthrough Technology Group, a managed service provider based in Morganville, N.J.
Shapiro was previously in charge of Citigroup's Client Infrastructure Engineering, where the company's efforts to allow remote work showed a huge thirst for BYOD. The company used Citrix Receiver, a virtualization client, to allow for remote access. Once in place, "you saw every single person that was a Mac user start to use their personal Mac," Shapiro says.
He also says technology is moving too fast for policies to keep up. "There were people coming in with early releases of Windows Tablets" and other new devices, he says. Then they would complain that they couldn't get access. "Best practices are no longer even best practices. It's an evolving game," he says.
Citigroup had not done things willy-nilly -- it had a process of meetings and discussion to develop a BYOD model that went through a wide variety of use cases, and had built custom wireless networks to help. Even so, the organization was surprised by how 'creatively' some people decide to use technology. "There were some use cases where you would say, 'Really, people do that?'" Shapiro says.
Citigroup's example illustrates that each company will have its own complexities, with technology and policy decisions to iron out. At any rate, don't be the headline. Emulate smart companies and avoid BYOD's most basic blunders.
Blunder Number 1: Just jump in - the water's fine!
In fact, the water is murky. Companies that just open their networks to BYOD without a plan might hit riptides, stingrays, sharks even. Do you have a lifeguard? Do you even know who should be on the beach?
"Step back and think about your company and what the mobile worker population of the company might look like," says Stacy Crook, an analyst at International Data Corp.
Sign up for CIO Asia eNewsletters.