IT departments are losing their technological grip as employees increasingly dictate which devices and applications get bought and used by businesses, a new study has found.

According to the survey of 400 IT decision makers carried out for EMC's RSA division, 20 percent of businesses polled now let users suggest which smartphones to buy, with a total of 60 percent offering them at least some input.

Around half let users have some input on which netbooks to buy, identical to the number consulting their users on tablet computers. Nearly half extend this to laptop choice and a third even allow employees some say on desktop PCs.

More than 80 percent permit employees to access social networks, with 62 percent actively using it to reach out to partners and customers.

The picture painted needs some qualification. Consulting employees is not the same acting on their suggested choices, and the act of asking is anyway considered politically necessary in many companies the better for IT departments to appear accountable.

Nevertheless, the survey suggests that IT departments are having to incorporate devices and applications into their planning that were intended primarily for use by consumers. This does appear to hint at a change in the power balance. Few employees will care which PC they use; their attitude to a personal device such as a smartphone might reveal stronger preferences and dislikes.

“User-driven IT has the potential to deliver huge benefits to users and their organisations,” said RSA COO, Tom Heiser.  “The companies that figure out how to unleash user know-how and consumer technologies while managing the risks will win this high stakes game.  This is the moment for information security teams to step up and be the most valuable players.”

Being a security company, RSA is interested in the security implications of all this consumer tech finding its way into a business environment – only one in five of those asked had calculated the risk of using such technology in business. Once this would have been foresworn by the IT department but, if the study is taken at face value, this model looks to be dying on its feet.

**The survey was carried out for RSA by IDG Research Services, a division of IDG, the publisher of Techworld.