Every six months, an employee at electrical contractor Rosendin Electric walks into CIO Sam Lamonica's office in San Jose with a question: "How come I can't use my own phone for work?"
Rosendin Electric has thousands of employees, hundreds of smartphones, more than 400 iPads and a few Microsoft Surface tablets -- none are Bring Your Own Devices.
"We would probably never have a BYOD environment here," Lamonica says.
Lamonica isn't alone, either. There's a growing BYOD backlash among CIOs that threatens to derail the once-high-flying computing trend. For instance, CompTIA's spring survey of 400 IT and business executives found that 51 percent of respondents at large companies are not doing BYOD at all.
[Related: What Is Going Wrong with BYOD?]
BYOD is a natural extension to consumer tech invading businesses: a convenience for employees tired of carrying around different devices for work and personal uses, but a headache for security-minded CIOs forced to follow the whims of a workforce with greater influence over technology purchases.
Ironically, it's exactly the kind of poor choices employees might make -- along with the underlying security risks involved in those decisions -- that has Lamonica blocking BYOD. In other words, he can't trust his employees to be smart about technology devices, apps and cloud services.
"We have a user base that might not, in a lot of cases, make the right choices," Lamonica says.
Marble Security Labs analyzed 1.2 million iOS and Android apps and found that business information is inadequately protected by consumer apps on BYODs.
Attackers have found ways to publish malicious apps or to attack mobile users over SMS or through compromised Wi-Fi hotspots on both platforms, Marble Security says. Moreover, iOS threats such as hostile configuration profiles, unencrypted email attachments and backup hijacking present new opportunities for hackers.
[Related: 12 Big BYOD Predictions for 2014 ]
With company-owned devices instead of employee-owned devices, Lamonica says he can better manage and secure them. He wraps mobile device management software from MobileIron around tablets and smartphones and remotely wipes lost or stolen devices without having to worry about an employee's expectation of privacy, because, well, there isn't any.
Rosendin Electric also gets volume discounts from wireless carriers, while avoiding the BYOD baggage of expense-reimbursement hidden costs, taxable paycheck stipends, or credits on wireless bills.
Personal Touch Without Buying Into BYOD
Despite his tough stance on BYOD, Lamonica does allow employees to use certain lifestyle apps and store personal photos on company-owned tablets (although the company reserves the right to wipe them). With MobileIron, Lamonica can separate and contain business apps and data from personal apps and data. The company also helps employees set up an iTunes account, including buying them a $50 iTunes card.
By being able to personalize company-owned iPads, employees out in the field tend to treat them as prized possessions. The breakage rate for iPads at construction sites is surprisingly low, Lamonica says.
[Related: How BYOD Puts Everyone at Legal Risk]
However, company-owned devices that allow personal apps open the door to security risks, such as sensitive company data ending up in a personal Dropbox account and not the corporate-standard Box account. MobileIron's capability to encrypt data before it gets into a Dropbox account helps blunt the risk. Rosendin Electric also helped build Dropbox's data center and thus leverages its relationship to minimize exposure.
Employees Can Choose, but CIO Controls
"Do we have some shadow IT Dropbox accounts out there? Yeah, we do," Lamonica says, adding, "We cozy up to Dropbox and ask them, 'How many accounts of ours do you have out there?'"
Lamonica can ask these kinds of questions. After all, Rosendin Electric has a right to know what's running on its devices. By keeping BYOD at bay, Lamonica enjoys these and other advantages. It's something even early BYOD adopters are beginning to miss.
"Many of my colleagues and fellow CIOs started out with a BYOD policy and are now converting back to CYOD, or 'Choose Your Own Device,'" Lamonica says. "That's where you pick it out, and we buy it."
And, more importantly, the company controls it.
Tom Kaneshige covers Apple, BYOD and Consumerization of IT for CIO.com. Follow Tom on Twitter @kaneshige. Follow everything from CIO.com on Twitter @CIOonline, Facebook, Google + and LinkedIn. Email Tom at firstname.lastname@example.org