For example, it's fairly straightforward to require the use of encryption, certificates, and other security tools on Windows PCs, no matter who owns them, thereby allowing IT to ensure that a home PC is secured the same way as a work one. (For Macs, it's not quite as easy, but still largely possible.) But for smartphones, security and management capabilities vary greatly from device to device. BlackBerrys and Windows Mobile devices can enforce PC-level security and data management if the business has the right policy servers in place. But for iPhones, only some policies can be enforced. Even fewer are enforceable on Palm Pres and Nokia Symbian devices, and almost none are enforceable on Google Android devices. Third-party tools are beginning to change that reality, but by and large it's fair to say that you can't control the data and access on these newer devices at the same level you can a home PC.
"You need to strike a balance between an IT-controlled management tool set such as you have built for desktop management and employee-led management, where employees are responsible for their own devices," says Schadler. "That balance point will vary based on your industry and culture."
Surprise: You probably can't control as much as you may want
Further complicating this issue are the legal ramifications of dual-use devices.
The laws on what employers can do with employees' personal equipment and accounts haven't caught up to today's mix of devices and cloud services, notes Peter Vogel, an attorney at Gardere Wynne Sewell who specializes in Internet, computer, and e-discovery issues. There are plenty of misunderstandings as to what a business can and can't control.
Despite the legal ambiguity from conflicting court decisions and the lack of precedent in many areas, patterns have developed in cases involving home PCs and other personal technology that may influence your smartphone ownership strategy.
For example, corporate email belongs to the company, and the company has full access to it, no matter where the employee accesses it. Plus, the company can set policies for what is transmitted through corporate email.
"But email issues are complicated by employees who use Webmail services such as Gmail, AOL, and Hotmail to conduct company business. Many courts have ruled that employers lose confidentially and potentially valuable trade secrets when employees send confidential information via Webmail," Vogel says. That reasoning could easily be applied to the use of personal smartphones.
International issues also pop up, Vogel notes: "Generally in the U.S. emails are private to employers, while in the E.U., Canada, and Japan emails are private to employees. Furthermore, in the E.U. there are data privacy laws for individuals called the 1995 Data Directive that permits citizens of the E.U. to access any computer that contains data about them and change that data. The U.S. has nothing like this at all, and when there is communications between the E.U. and U.S., determining which law applies gets very complicated."