How do you secure BYO Device?

: @orinthomas There’s a joke I heard that went “making something more secure makes it more inconvenient, so the more inconvenient you make something, the more secure it gets.” The tension between IT departments and the Bring Your Own (BYO) Device crowd isn’t an issue of IT departments being drunk on their own power, forcing workers to use uncool computers that have all the style of purple shag pile carpet. It’s an issue of convenience versus security. BYO Device is a convenience issue.  And keeping a personally managed computer secure is inconvenient. That’s why, a year after Windows 7 was released, 25% of computers had out of date anti-malware protection. Source: http://blogs.msdn.com/b/b8/archive/2011/09/15/protecting-you-from-malware.aspx. The chance of a personally managed computer having out-of-date malware protection increases with the age of the computer. It’s hard to manage and monitor BYO Devices. A phone, tablet, laptop, or ultrabook could be working fine or completely infested with malware. Unless you have some sort of monitoring solution, it’s almost impossible to tell. An organization considering a BYO Device policy needs to take steps to ensure that security is maintained. That the devices connecting to your Exchange and SharePoint servers aren’t riddled with malware. In the long run, it might be simpler and cheaper to buy users flashy computers and manage them centrally rather than to hope that they’ll keep the security on their own devices up to snuff. -- My new book: Windows Server 2008 R2 Secrets. It is a book for experienced Windows administrators who are new to Windows Server 2008 R2 and don't need a lot of basic introductory level material: