The approach that has worked several times is to provide a relative unbiased cost analysis of the move to new technology. A good analysis will include costs of not engaging new technology…
Sometimes this analysis will show that it IT Security is correct and that it doesn’t make financial sense for an organization at this time to make the move to the new technology.
A good analysis providing a good return on investment will often bring more pressure on IT security, (CIO and Director believe that it is a good way to go) to, at the very least, make an attempt at explaining why the NO.
If the analysis has not changed the minds, often a offer for pilot project will get an OK, Understanding that for a pilot project to fly the “suggestors” are going to have to put some skin on the table. An example would/could be: “IT Security could have the ability to “wipe” all personal data in the case of a compromised BYOD device, with no cost to the organization for lost data“