Although I'm generally anti-BYOD and unconvinced by the touted supposed benefits to the company, it's making a stealthy small beginning with us in the form of executive mobile devices that are either non-Company, non-Windows or both. Ostensibly these only connect to Exchange via ActiveSync (the policies for which I need to review) but there's nothing to stop them being used as storage devices for files. At least I have DLP in place in the form of monitor-only file transfer checks by our AV software.

BTW, it might be wiser to call Android, iOS et al "less vulnerable" rather than not vulnerable. Or does Jack write these things to see if anyone's paying attention?