The New York Times has an article about companies accepting personal laptops as an employee’s primary office computer. This saves money for the company and increases worker satisfaction, but security must also be considered.
Attackers have shifted from targeting servers to targeting end user’s computers as they’re often the weakest link these days. If your company has sensitive corporate data and wants to allow personal laptops, don’t forget to consider the security of those devices. Possible options include requiring users to meet the same level of security as company-managed devices (verify with quarterly checks or centralized management software), or increasing security around the device with network intrusion detection systems. A potential legal option would be a waiver that the employee signs, assuming all responsibility and costs for security breaches caused by their laptop. It’s definitely not the friendliest option though, especially if there’s a security breach.