As head of IT for a public health organisation, he is well aware of the sensitivity of the information pervading his systems. But he recognises the security model he adopts cannot be so inflexible that it cancels out the benefits of the business in terms of mobility.

He is moving away from the firewall-based approach to security to one where data is classified according to its sensitivity and the level of protection is set on that basis. He admits that the granularity of that classification is still quite limited, but he hopes that in time he will be able to set a spectrum of security levels for data going out to mobile devices.

Login systems are strictly applied so that no device, whoever owns it, is switched on without a passcode. All data that goes out to mobile devices has to be encrypted. All devices have to be set up so that they can be wiped remotely if they are lost.

He says: "Device encryption has been a standard within the NHS for a long time. We wouldn't countenance anything that wasn't encrypted, because things do get left on buses."

Undoubtedly, CIOs face some disruption as consumerisation takes hold of the workplace, but as Callow, Shakespeare and Powell have demonstrated, there is still a need for umbrella technical architectures to get the full benefits of mobility and choice, without the IT strategy turning into chaos and the tools to help them do this are already available.