IT'S INCREASINGLY hard to just say "no" to the growing "bring your own device" (BYOD) crowd, especially with the arrival of new tools like those rolled out last week by Nokia, Motorola and Amazon, and this week from Apple (see "New smartphones spotlight the enterprise," page 14). But that was the initial reaction Information Manager Anthony Peters had when senior executivesat the accounting firm where he works started purchasing iPhonesand asking for support.

Now almost two years later, with a BYOD policy in place, "the demand comes from everyone." says Peters, who works at Burr Pilger Mayer. Much the same thing is happening all across the country in manufacturing.government, healthcare, high-tech and in law offices as BYOD challenges traditional security and mobile-device management (MDM) practices.

The 600 or so attorneys at Foley & Lardner LLP are offered the option of BYOD on a voluntary basis and with a subsidy to keep it "cost-neutral" to whatever corporate-issued device BYOD is expected to replace, says Rick Varju, director of engineering and operations there. He says this "whole consumerization of IT craze" basically got rolling because the firm's ClOgotaniPad.

But due to concerns about security and compliance, IT departments are making their own demands on BYOD users - often asking them to agree to give IT control over their personal smartphones and tablets. IT is requiring the users to install corporateissued management and security software to monitor or remote wipe - and sign off to accepted practice in BYOD policies.

John Pironti, president of consulting firm IP Architects, who has advised security association ISACA on BYOD security issues, contends the legal questions are usually harder to answer than the technology ones.

When it comes to corporate data at risk, Pironti says BYOD is "about liability." In some places, BYOD should be rejected because it's too big a risk, or it's deemed that the user's privacy will be violated. Either way, he warns, don't think a personally owned device won't be subject to regulatory-driven audits just like corporate devices.

At Burr Pilger Mayer, it is viewed that BYOD devices have to be audited just like any corporate-issued device would. So employees eager to go BYOD have to agree to use...