Of course it is never that simple as it is the exceptions which drive the rules and when you start to think it through, using your own IT equipment will generate quite a few exceptions.
The piece that companies often forget is security - what is the employee doing to secure the laptop or mobile phone? Which anti-malware product are they using and are they keeping it up to date? What about patching of the OS and applications, including the browser? Can they connect to the enterprise network securely, and can appropriate security policies be enacted when they do?
And how are they keeping 'work' files separate from 'personal' files? Is there any backup? What happens to the corporate data when they leave the company? What happens if they lose the laptop - will you know about it or will you end up on the front page of the news in a data leak scandal? Can your audit requirements be met?
As companies start to think about using the cloud, a lot of these questions need to be asked all over again. The cloud provides a huge opportunity for collaboration, and guess what, you won't be in control of the IT devices that are used with your data in the cloud either.
This isn't just about the cloud service provider equipment, but all the endpoint devices as well. The problems can be overcome, often by asking the right questions and defining appropriate policies - the J ericho commandments and the self-assessment scheme are there to help.
Author: Guy Bunker, Jericho Forum Spokesperson and Partner, ExecIA LLP