End User Computing security seems to be in the hands of the users not actually the IT Security department. At least not yet. So what can we do about this? IT security can be draconian and not allow EUC devices into the office, but the users will be up in arms. They use their smart phones, tablets, laptops, and services on their desktops to get their job done. Draconian IT security measures will hamper timely completion of critical projects, deals, and workplace moral, thereby impacting the bottom line. However, the bottom line will be impacted just as heavily by the lack of security by the end user devices. So how can we alleviate this problem?