CISOs must establish a use case, risk management strategy and security policy. Certain employees can use iPads and Acer Iconias for specific applications and use cases. Users must be made aware that there is a quid pro quo relationship here — users get the privilege of using personal devices at work in exchange for IT/security to have physical control of device if necessary. Some CISOs require that mobile devices be instrumented with digital certificates which I recommend as a best practice. Some shops will control the resident applications on a mobile device but this crosses a dangerous privacy line.”]
Source: https://www.csoonline.com/article/2222034/mobile-device-security-reality.html