Any device that contains company information is an endpoint, right? So how do you protect your data on the personal devices in your employees' pockets, cars and homes?Depending on your company's IT Budget -- always assuming, sigh, that you still have an IT budget -- your employees may have newer, smarter, more sophisticated personal devices than the equipment the company provides.

Result? Employees using their own devices to get their work done. And if those devices don't carry at least the same levels of security that workplace do, the potential for problems -- and, at worst, disaster -- is vastly increased.

At what point do you address this issue -- and how?

The point to address the issue is now -- this one isn't going to go away and is, indeed, only going to grow more ubiquitous.

As to how -- you do it, I believe, with your employees' help.

How recently-- if ever -- have you discussed the boundaries, or lack of them, between business and personal technology, including software, as well as the devices on which the software runs?

Have you ever polled your employees to discover what IT tools and technologies not available from your company might help them do their jobs more effectively and efficiently?

How about asking them if they've ever used such technologies -- including personal e-mail accounts to get their work done, whether or not you have policies in place prohibiting such behavior? (If you do have such policies in place, this one might best approached with a sort of one-time amnesty for violators, making clear that the policy is serious and will be enforced after the audit -- but making clear as well that the results of the audit may produce some changes in the policy.)

What level of employee input into your company's security posture have you requested? Your most tech-savvy employees may have good ideas and strategies that you've overlooked.

Finally, have you given some thought to more actively partnering with your employees for the protection of your data on their devices -- and the protection of their personal data as well? Perhaps you wrap their devices into your overall security/endpoint monitoring posture, agreeing to cover their security needs in return for their agreeing to the coverage and the monitoring.

While there are doubtless privacy and related concerns involved with that last -- these are employees, not property -- those concerns can be discussed, addressed, dealt with.

The real issue, ultimately, isn't the technology itself. In today's always connected environment, the employees themselves are the endpoints, whatever the technology they're using.

Time to turn those endpoints, all of them, into defense points for your business.