A quiet trend has been bubbling in the corporate world. Over the last few years, some firms – even large ones – are letting their staff use their own personal gear for work. This trend is fairly new, which means a lot of uncharted territory for IT managers who want to respect users and also minimize corporate risk. Everyone is learning as they go.

The adoption of consumer-driven hardware is driven as much by necessity as by a desire to keep the workforce happy. If you can keep your staff content with their lot by letting them use their preferred product or brand, and get more work out of the staff, you’d be crazy not to do it.

“A connected and informed employee with ready access to information helps the business achieve its goals, whether it's driving revenue, customer responsiveness, transaction approvals, or getting quick answers,” says Brian Reed, CMO and vice president of products for BoxTone, a provider of management software for portable devices.

“But what got the movement going was the economic mess in 2009, when the CFO side of the house was looking at expense, and we all know mobile has this big bull's eye on it because of roaming and other charges," he says.

There are other reasons employees seek to bring their own equipment to work. Once, users had better computers at work than at home, but that trend has reversed. People leave their Core i7 running Windows 7 at home and work on a clunky old Pentium 4 running Windows XP. Vendor and operating system preference is a factor, too. Apple and Linux fans are comfortable with the environments they know (or were exposed to on college campuses).

Some employers have realized that these devices, particularly smartphones, are beneficial to the firm in general. "One customer found a direct correlation between top sales reps and use of smartphones – and it was a fairly direct correlation," says Reed. "The top sales people all were heavy smartphone users. So they used that to justify smartphone service and support for the entire sales team. They bought what they could and allowed employee-liable devices for the ones they couldn't afford. There was a net revenue lift in the following year. That was not all due to the use of smartphones, but they like to think this was a big part of it."

With so many devices on the market, more individuals are going around the IT department and bringing their own devices to work anyway, notes Michele Pelino, senior analyst for mobile communications at Forrester Research.

While some have ascribed the movement to the economic crisis, it actually started before the late 2008 collapse. According to the Aberdeen Group, from January 2008 to December 2008 there was a four-fold increase in firms saying they permitted employee-liable devices somewhere in their organization. That increased from less than 10% to 40%, according to Andrew Borg, senior research analyst for mobile communications at Aberdeen.

He attributed the change to the launch of the iPhone 3, its accompanying SDK, and the launch of the App Store. "You had a robust and powerful platform that could accomplish real work tasks but was in consumer channels," says Borg.

It's ironic, since Apple had no enterprise strategy then, and still does not prioritize the enterprise above consumers. But Borg noted that with iOS 4, Apple did amp up its enterprise support with multitasking and improved manageability and security.

The trend varies by industry. "The regulated industries tend to prohibit employee-owned devices. When they do allow them they tend to be tightly controlled," says Borg.

Businesses in highly regulated industries have few employee devices, which isn't to say it doesn't happen, says BoxTone's Reed. "But the risk of data loss is scarier and more disconcerting to an IT department in a highly regulated industry. We see a lot of employee-liable devices in certain industries like retail, packaged goods, and education – industries where employee-liable risk/reward is lower and the ROI is high."

Still, the trend is on an upswing. Forrester says about half of all North American firms it surveyed have at least some level of employee-liable hardware. BoxTone said about half of its installed base support employee-liable hardware and another 10% are looking at deploying it.

On the flip side are inherent risks. With company owned-and-controlled equipment, it's a nightmare when an employee loses a notebook or a company-supplied smartphone is stolen. What if that lost hardware has company data and lacks secure wipe features?

About 30% of BoxTone’s customer base said they won't allow employees to bring personal hardware to work. Aberdeen's findings match that; around one-third of firms won't allow employee-liable hardware, says the research firm. The businesses with the strictest policies tend to be in highly regulated industries like finance and health care, where data integrity is paramount.

But Who Owns It?

Letting your staff bring in their own iPhone, iPad or laptop may save the company some money and make the IT budget stretch farther, but it creates new challenges. Who owns the equipment, and who is responsible for it? Establishing policies is a must.

"Firms need to have a way to lock down and wipe those devices. That's where management comes into play and why firms need to use a device management solution to have some structure where they can," says Forrester’s Pelino.

"Ownership trumps all is a nightmare when the employer doesn't own the computer," says Lewis Maltby, president of the National Workrights Institute. There have been cases, he explains, where employers had reason to believe that employees had sensitive company data on home computers and were misusing it. The businesses went to court for a court order to make the employees divulge the contents of the home computer. Most of those employers lost. "None of these were fishing expeditions. They were sincerely concerned something was going on," he says.

So if the employee is providing the hardware, they have ownership of it and its contents, according to the law. That means employers have got to establish the rules with their staff before any other steps are taken.

"One of the most important things an organization need to do is have an end-user agreement that the employer has with the employee where the employee says,

‘I agree to the rules,’” says BoxTone’s Reed. Employees must let the employer secure and manage the device and follow company policies. If the device is lost or the employee leaves the company, the employee must inform management to protect corporate data.

"That's the first thing people forget to do. When they start from the beginning there should be an agreement between HR, Legal, and the employee," Reed says.

Pelino says more firms are taking such steps, with a lot more structure in place. “There's actual documentation of corporate policies around mobile devices, who gets access to what, and requiring employees to really read the agreement rather than just check it off as read because they will be responsible," she says.

Aberdeen has found that the smartest firms, what it calls "best in class," are aware of the risks and do the best preparation before letting an employee use their own gear at work.  The laggards are just letting staff use their gear and worry about the rules later. "The best in class have clearly stated policies about the corporate data that resides on the device, and [employees] can't have access to the data unless the enterprise is given a legal waiver to erase that device if it's lost or stolen," says Borg.

And if the employee bought the hardware but uses it at work, who supports that device? That also has to be established, says Reed. He knows of one company where employees who bring their Macs to work are sent to an Apple store's Genius Bar for technical support.

"Nothing is for free. If you are going to support all these users bringing their equipment to work, you have to support them, and you have to think it through to support them on a policy level and a process level," he says.

Reed considers the trend to be still in the early to medium stages. "The early adopters are through it. Early, early adopters were experimenting due to economic pressures, but now it's emerging toward mainstream market and I think it's going to grow. There has been an explosion in interest in the iPad and PlayBook and Xoom," he says.

Thus far, though, no one is backing out. Borg said only 3% of firms that tried employee-liable programs changed their minds. He has yet to hear of employees backing out of the deal. "Employees are willing to bend a little. They get more than they give," he says.