Many companies that have had BYOD policies for a while have matured their thinking. They've grown from looking at employees' personal devices as something to lock down to allowing them in a limited fashion to fully embracing them.
They have moved from allowing only company-provided phones to supporting "COPE" devices (which are corporate-owned, personally enabled tools) to sanctioning true bring-your-own device setups, says Chris Marsh, an enterprise mobility analyst at Yankee Group.
To reach that point, organizations need to get used to data residing beyond their firewalls, and to not always having ownership of that data, Marsh says. As part of this change in mindset, the focus of security efforts should not be on the device alone, but on data, he adds.