The new wave of handheld consumer devices in the workplace means new headaches for IT managers.

An IT manager wandering through the exhibits at a mobile and wireless computing expo might well wonder where the explosion of new applications and devices, many created for the consumer world, will lead.

How can a company even begin to manage live TV on mobile phones? How will the proliferating wireless e-mail be stored? How will it all be made secure, with so many different networks and devices and applications?

Companies have faced, and sometimes ignored, the demands of managing handhelds and wireless devices for years. IT managers waver between two approaches: throw open the floodgates and try to accommodate what's coming, or throw up your hands and ban everything except what you deem acceptable.

But the problem will become more complex as new university grads arrive at work -- and bring with them the consumer-focused devices and applications they see not as toys but as essential tools they have integrated into their lives.

When a young "prosumer" (short for professional/consumer) shows up with streaming video clips, live broadcast TV and a whole range of instant messaging, collaboration and music-downloading options on his smart phone, how will IT hold the line on standards?

And if he wants to use the device for work-related e-mail, access to corporate databases or storage of corporate data, will IT restrict the access pathway? What happens when that worker resists using separate devices for work and personal life? Will IT allow frivolous functions to run on the same approved devices as mission-critical ones?

Analysts say that over the next two years, these and other scenarios will force IT managers into the role of enforcer as never before. "The IT department has to do something about more and more consumer-type devices entering the enterprise," says Roberta Cozza, an analyst at Gartner. This will require careful planning at the highest management levels to develop policies that control devices and applications to limit security lapses and IT headaches while still winning the support of end users.

Two approaches

Some IT managers are already holding a tough line on handhelds and wireless devices, while others have tried to accommodate innovations.

"Why do we in IT care what that new hire just out of uni wants to run on his phone or device?" says the assistant vice president of IT compliance at a bank; (she asked to remain anonymous because of company considerations.) She believes the bank should ignore user pleas for consumer applications and set strict controls on devices and access.

"You have to protect the enterprise," she says. "You have to protect the customer. It's a huge thing for a bank."

Lapses that could result in leaked customer information could bring severe federal fines as well as damage to the bank's reputation, she said. "That's huge, and we could not be in business if customer information got out," she says.

The bank limits devices used by many of its 2300 workers. A typical knowledge worker carries a laptop, a mobile phone and a BlackBerry handheld capable of transmitting encrypted e-mail. Handhelds and phones are treated like desktop computers, with regard to access privileges and rules about what data can and can't be loaded on them, the compliance officer says.

Workers aren't allowed to attach a personal device to the bank's network, and they can't use the Universal Serial Bus ports of their laptops for storing corporate data, to prevent it from being transferred to a personal storage device.

"Control is important," the bank executive notes. "You can't be compliant [with rules such as the Sarbanes-Oxley Act] if you don't have control."

In contrast, at consumer electronics retailer, 4000 employees are allowed to use a fairly wide range of devices, including BlackBerry and Audiovox handhelds and Palm OS devices such as the Treo, says Jeff Robles, sourcing manager for enterprise products and transportation at the retailer.

"Given we are a technology company, we understand there are business requirements that will govern the use of our devices, so we attempt to manage to the need while mitigating any security issues," he says.

To do this, the retailer relies on several management software products designed to reduce costs and mitigate security and intellectual property risks by giving IT managers visibility into which employees have which devices and services.