iPhone 4S sales are off the charts, even with its battery issues. iPad sales are similar. Android now is the most popular operating system for mobile phones.

So why aren’t you encouraging your employees to bring their own devices to work?

You’ll save money. Gain productivity. At, quite literally, their expense.

That’s because employees increasingly are expressing their preference for Apple and Android smartphones and tablets, as opposed to Research in Motion BlackBerry devices and, to some degree, standard-issue Windows laptop computers.

They’re buying the machines, out of their own pocket. Covering communications costs that you otherwise would be paying. From day one.

“You have users bringing these devices in the front door,” said John Herrema, senior vice president of corporate strategy for mobile security firm Good Technology. “And what’s interesting about these devices is, not only are they very capable, but the user can’t walk out of the store with one of these things and not attach a data plan to it. And CIOs are starting to recognize that.”

CIOs, as in chief information officers, rather than chief investment officers. But, either way, supporting this “bring your own device” movement gets its momentum from the return on investment that a company gets from it.

That is because it is almost all return and nearly no investment.

An employee buying an iPad 2, for instance, pays anywhere from $499 to $699, plus tax and possibly shipping. Employer’s out-of-pocket cost: Zip.

An employee buying an HTC EVO 4G Android smartphone will pay $400. That person will pay $50 or as much as $80 per month for a data plan. Employer’s out-of-pocket cost: Zip.

Not surprisingly, financial services firms are among the biggest fans of this movement. In a recent survey of its 400 top customers, 29 of 40, or 72%, of the Good financial services customers who responded said they already were supporting a BYOD strategy.

Meaning: They were finding ways to encourage their employees to buy machines and data plans and incorporate them into their work.

According to Herrema, this can be as simple a plan as pledging an incentive of $20 or $30 a month—call it a “mobile productivity plan”—to help cover costs.

The company still avoids the upfront cost of $400 or more for the device and most of the cost of the data plan. In the employee’s eyes, the $20 can be seen as either getting a discount on the data plan or helping pay off the cost of the machine, over time.

The biggest potential drawback of the BYOD movement is the prospect, in chief information officers’ eyes, of opening up their networks to all kinds of mischief that might lie outside their control. Giving access to devices that have access to all parts of the Internet, without any controls, is not a viable option. That makes a corporate network vulnerable. Who knows what code might be “injected” into an internal network, if this front door is opened?

BlackBerry devices became the smartest phones for e-mail communications in the eyes of corporations worldwide because of the rock-hard security that RIM put in place. This has included such measures as support for password locks, the ability to remotely wipe out the contents in a device’s memory when needed and use of the Advanced Encryption Standard, an algorithm used by U.S. government agencies to secure sensitive documents.

These and other practices are controlled through a BlackBerry Enterprise Server that gets installed in a company’s communications network. Messages come in (and go out through) RIM’s network operations center.

Good Technology is now taking a similar tack with devices that run Apple’s mobile device operating system, known as iOS, or Google’s Android operating system.

Its Good for Enterprise software and communications architecture “brings that level of security management and control to iOS and Android,” Herrema said.

Without even touching a user’s device, IT administrators can lock down functions such as the camera, infrared port, Wi-Fi or Bluetooth features, control which applications users can access, dictate which applications must be running before allowing a secure connection, and, as with BlackBerry, remotely wipe clean the contents of a lost or stolen unit.

Perhaps as critically, the architecture provides more security than the kind of Virtual Private Network protocols that allow a user to create a “tunnel” through the Internet to a company’s internal communications infrastructure.

That’s because, Herrema said, the user who has brought his or her own device into that infrastructure does not communicate directly with it. The user’s e-mail and other messages, as well as requests to access the Internet through the company’s network, go to Good’s network operations center. Similarly, any output from a company server or other digital device does not go directly to the user. That output, too, goes to the meetpoint.

The Good operations center makes sure no unauthorized code or communications from the Internet makes it through. Because there is not a direct connection. Messages themselves also are, like BlackBerry, encrypted using the Advanced Encryption Standard.

Of course, there is no free ride. There is a per-user cost to all this. Without volume discount, it works out to $159 per device. That is a one-time, upfront payment. Support is $20 to $30, for a full year.

So, even if just judged against a $60 a month data plan, the security system pays for itself in three months.

And the employee still has paid for the machine, out of his or her pocket.

The financial services firm gets the benefit of a more productive employee, who can connect to the company network from the device he or she prefers, at any time, from anywhere.

The company also can control how the employee uses the Web, for instance, as long as the person is accessing the Web from within the company’s network. If, for instance, the firm has put in place a product such as SocialWare to control what can or can’t be posted to social media sites such as LinkedIn or Facebook, those controls will be in place when the user goes to either site through Good for Enterprise.

This makes that device a “shared asset.” Companies get out of the device purchase, installation and maintenance business.

Instead, Herrema said, the company can just focus on providing access to the applications and data that let users do their jobs.

And pocket the difference.

-- This article first appeared on Securities Technology Monitor.