In fact, one of Beachhead's customers recently reversed its BYOD policy because of the security risks. If an employee now wants an iPad, for instance, the company will buy and manage it instead of allowing the iPad to be a part of a BYOD program. They're saying, We don't feel we have our act together to really allow this," Rubin says.
Encryption Is Not Enough
Another lesson CIOs can learn from Snowden is the need for multi-layer security, or automatic triggers for wiping data. Many companies rely on encryption to keep their data safe, yet once a rogue employee gains the password, encryption is worthless.
Rubin says the Snowden case highlights the need for triggers that eliminate data beyond a geo-fence or after a certain number of incorrect logins or amount of time.
Also, companies might want to look into multi-factor authentication and data access controls to prevent rogue workers like Snowden from seeing data in the first place, Rubin says.
Given Snowden's ability to steal from the NSA, coupled with the rise of both the tech-savvy millennial and BYOD, CIOs are sensing a loss of control over corporate data.
"It's happening too fast," says Rubin. "I think companies are a little paralyzed."
Sign up for CIO Asia eNewsletters.