More than 75% of security and IT leaders say that employees' personal device and application proclivities are causing a fundamental shift in how enterprises evaluate and purchase their security. That finding comes from a new IDG Research Services study, commissioned by EMC's security division, RSA, which surveyed almost 400 security and IT decision-makers in June about user-driven IT trends.

According to the IDG study, gone are the days when IT alone evaluated and selected technology for the enterprise masses. At 60% of organizations, end users now have a say in which smartphones the enterprise will support, and at 20%, they get to decide what to adopt.

Likewise, half of organizations' IT groups allow employees to provide input on which netbooks and tablets to procure. One third of companies query employees regarding desktop selection, and nearly half do so for laptop purchases.

One line of thinking about the evolution of technology in the workplace is that it's been a story of give and take: Businesses gave employees laptops, then expected them to work outside work hours. Ditto with pagers, and then mobile phones.

As mobile devices have become more powerful, however, many employees have pushed back, arguing that employers should help them adopt the latest mobile technology -- regardless of whether the employee buys it -- and give workers greater on-the-go access to business software and data to help them get their jobs done more quickly.

But when it comes to enabling and securing access for these devices, many IT departments are lagging. As a result, while employees embrace greater mobility and information sharing, as well as quicker and more cutting-edge devices, they must sometimes go so far as to break corporate security policies to get their jobs done.

According to Tom Heiser, chief operating officer at EMC, it's time for information security teams to "step up" and help enable these devices, rather than restricting them. "The pressure is on IT, because the way people try to get value out of technology can sometimes prove unpredictable."

It doesn't pay for small and midsize businesses to protect against security threats faced by only the largest companies. Here's how to focus your efforts on the right threats. Download our all-digital supplement. (Registration required.)