Then again, that cost could be worth it, Voellinger notes, as it allows you to use the right smartphone for the job. This approach often bolsters employee productivity through increased satisfaction, given the expectations of today's employees, Voellinger says: "What makes my blood boil is that an employee gets downgraded when they walk in the door" compared with what they use at home. The employee's reaction is increasingly likely to be, "You're seriously going to hand me XP Pro and a BlackBerry Curve?"
And don't forget that company-issued and company-managed smartphones have their own support costs, not just for employee support but also for billing and asset management.
Navigating the smartphone's dual-use nature
One argument for allowing employees to use their own smartphones for work purposes is that carrying two devices and having two mobile phone numbers is a pain.
Sure, people have long had personal phones at home and office phones at work, but because people carry their smartphones with them most of the time, it can be an employee-friendly policy to let them use just one device for both purposes. It could be a personal device that's subsidized for work usage or a work device that allows personal usage to a certain cost limit.
People take care of personal issues on their work phones and take work calls at home, so allowing for the same mix on a cell phone isn't a stretch. Data capabilities, however, provide a new wrinkle, and the fact that employees' smartphones can store and access company information such as emails, contacts, calendars, and documents is enough to make many IT and security pros wince at the thought of dual use.
This problem is not unique to smartphones. Many employees work at home -- and even at the office -- on personal computers. A December 2009 Gartner survey estimates that 10 percent of midsize businesses allow employees to use their own personal laptop at work, a figure expected to rise to 14 percent this year. Also, some users play games, check personal email, or run iTunes or Windows Media Player at work to listen to their personal music on their work computers.
"The focus is on mobile, but the problem is universal. What's the demarcation? There is none," says Telwares' Voellinger. "By owning the asset [the smartphone or PC], is the prevention [of abuse or breach] any different? The risk is still the same."
That's why the "secret" to smartphone management is "treating employees like grown-ups and using a 'trust and verify' model for policy control," Forrester's Schadler says. "You have to stop treating it as an IT policing issue and instead treat it as a business risk management question."
More and more companies are making this shift in their thinking, Schadler says, not just for smartphones but also for bring-your-own PCs (and Macs) and other user-facing technologies.
Yet for smartphones, the dual-use bar for managing access and data security is quite different, given that most smartphones don't yet offer PC-level security and management capabilities.