Use the "Carrot and Stick" Approach
The key I've found is figuring out how to say yes to what they want and not make it too painful for the user. Establish set of policies and use a "Carrot and Stick" approach.
Carrot -- you can get access to corporate data, so long as you allow me to apply and enforce security policies like encryption, passwords, etc. So I'm saying yes and am accommodating your request, but you have to follow company policies. I will also charge you for this special additional service.
Stick #1 -- if you do not follow company policies, I will shut down your access. The minute you override or bypass or jailbreak you will be cut off from company data.
Stick #2 -- I will charge you higher for monthly IT services and support calls for these non-standard devices than I will for the corporate standards. Often 2-4X more. Let's say you use a chargeback model. I might chargeback each mobile user in a department 10-15 quid per month for standard company smartphone and then 30-45 quid per month for a special employee owned smartphone. Don't pay and I'll cut you off.
So now you can say Yes to the mobile user, protect the company, and get paid for it.
Biting the hand that feeds IT
