Why BYOD policies are necessary.
The necessity, design intent and legalese of BYOD policies are due in large part to the limited ability of current mobile devices to isolate apps and data from each other. Today, we download and mash together all of our apps and data onto a single home screen (or two). Some of us are organized enough to create app folders, or additional screens into which we place our apps. But the fact remains that these apps and data all share the same storage location and device memory, so our corporate information is sharing the same device space as our personal data. What if we could isolate corporate apps and data from our personal apps and data ... and, as device owners, permit our IT group to see and manage only the corporate apps and data? After all, it is our device and IT is a guest on our device.
MDM products are not security products; they are device management products. Some MDM products provide lock & wipe features, but many of these are device-wide lock & wipe functions, while some provide "Enterprise wipe". But from a security perspective the apps and data are all co-resident. If the user downloads a malicious app, then the corporate information could be at risk.
A security product would create strong separation or isolation of the apps and data for each context of the user's life: work, play, parenting, finance, health, etc. And for BYOD, it would allow the device owner (the user) to be in control of those isolated spaces. Sure, they can delegate the management of the Work space to a third party like their IT admin. In this way the corporation gets what it wants: security and control over corporate information, while the device owner gets what they want: personal privacy and the convenience to use their mobile device exactly the way that they want.
Personal disclosure: I work for a software security company that creates a system-level virtualization/containerization solution that solves the BYOD issue and multiple other consumer use cases. I am simply concerned that corporations and employees are suffering through these complex policies and processes to compensate for inadequate mobile device capabilities. Rather, we should be telling the device manufacturers that their phones need to support all of our desired use cases: work, play, sharing, banking, shopping, etc.
My hope is that next-generation mobile devices permit their use across all the various contexts of a person's life ... not just work and play.