Ігор Вишневський Gadgets 23 February 2026, 09:00

Corporate devices - "carrot" or "stick". What do IT companies allow to do and what not with the gadgets issued to their specialists? Ciklum, Railsware, Avenga and Svitla Systems answer

Today, a brand new MacBook or other flagship laptop issued at work is not a super bonus or even a competitive advantage, but a fairly familiar, even basic standard of the IT industry. Companies invest significant funds in hardware for their specialists, striving to ensure maximum productivity from the first working day. However, behind the pleasant ritual of unboxing a gadget, there is also a system of rules, restrictions, and controls hidden within which an IT company employee should not go.

Four-letter abbreviations. What policies regarding work gadgets exist around the world

Before proceeding to a direct analysis of the practices of Ukrainian IT companies, it is worth recalling that in the corporate world there are several established policies regarding work gadgets and their use by employees. For example, the COPE (Corporate-Owned, Personally Enabled) policy provides for the use of company-issued gadgets for both work tasks and personal purposes. Under such conditions, an employee can use the gadget quite flexibly for everything at once, independently choosing the settings of the necessary software, but there is one but — in fact, the employer gets potential access to your personal life. Will everyone like this? Hardly. COBO (Corporate-Owned, Business-Only) is a much stricter and unambiguous approach, which involves using a work gadget exclusively for work purposes — and not a step to the right or left. Everything is obvious here — for work you use one gadget, for personal matters — another.

The BYOD (Bring Your Own Device) policy is economical for the company in terms of hardware, as employees use their personal gadgets for work, but, at the same time, it is generally considered to be the riskiest from a corporate and cybersecurity perspective. A specific type of BYOD is POCE (Personally-Owned, Company Enabled) — a strategy in which the employer relies on employees' personal gadgets, but at the same time provides them with technical support for work-related matters.

Some companies also use the СYOD (Сhoose Your Own Device) approach in their practice, offering the employee to choose a gadget from a certain list of models, but this list is usually not endless, and the issues of security, as well as control and configuration of the software by the employer still remain open. That is, СYOD still has to decide what other abbreviation to turn into — COPE or COBO.

Well, another option, somewhat different from the above approaches to managing work gadgets, is VDI (Virtual Desktop Infrastructure). In this case, the company, instead of giving its employee a corporate device for work or somehow controlling his personal gadget, instead provides access to a virtual desktop in the cloud. Under such conditions, the question of who owns the gadget used — the employer or the employee — is not particularly important.

From laptops to solar panels. What corporate gadgets do IT companies give to their employees?

The policy of each of the four companies surveyed includes providing free work laptops to their employees, which is now a standard approach in the IT market. However, individual nuances of these policies may differ.

Daryna Kuzmyk, Talent & Culture Lead at Railsware, in a comment to dev.ua, claims that at their company, specialists can receive any device they need for work, in accordance with the defined Hardware policy. «The equipment is purchased on behalf of the company and is intended primarily for work use. After a certain period, the devices become the property of the specialist,» she noted.

A Railsware representative explains that the company expects a responsible attitude towards technology and the mandatory installation of certain security software (in particular, antivirus and project security tools). «The balance between autonomy and security is a key principle for us,» added Daryna Kuzmyk.

She says that full-time specialists have access to the Hardware policy from the first day of work, and the company can provide a backup laptop or purchase a new device depending on the location and terms of cooperation.

«Our policy recommends laptop models and other equipment according to the requirements of the project or position. However, of course, we reserve the full right for colleagues to choose exactly what they consider necessary. For example, designers can choose which monitor they like best: 27- or 32-inch, with a built-in camera or Type-C adapter. Some people find it more convenient to work with two monitors, etc. Whatever helps our specialists to be productive, we will support it,» assured Daryna Kuzmyk.

In addition to laptops, Railsware employees can order any equipment necessary for work, such as monitors, phones, headphones, peripherals, etc., within the available hardware balance. «For Ukraine, there is also the possibility of purchasing charging stations, solar panels, or Starlink — also within the policy,» the Railsware representative summarized.

In the Ukrainian office of Avenga, however, they note that all devices, such as phones, tablets, or other equipment used for project purposes or for work tasks, are provided by the company. «All corporate devices, if possible, are connected to the mobile device management (MDM) system. The main goal: security and control,» the company clarified.

The type of device (Windows or Mac), as Avenga says, is determined by the project requirements, and other working gadgets are provided, again, if the project needs it.

The Ukrainian office of Svitla Systems says that these issues are regulated by internal policy, which is part of the Acceptable Use Policy, «which describes the relationship between the company and the employee regarding the rules for using laptops and other gadgets.»

In accordance with the aforementioned policy, the company’s employees in Ukraine are provided with laptops from Svitla Systems, and other gadgets are issued depending on the specifics of the project.

In turn, Ciklum’s information security systems manager Serhiy Borona claims that all colleagues who need it are provided with corporate laptops. «Additional equipment may be provided depending on the role and specifics of the work,» he comments.

Your own laptop for work: a permissible option or a taboo

Avenga has a strict policy of not allowing the use of personal devices for work purposes. The company only allows the use of corporate devices in accordance with its internal policy.

In turn, the information security systems manager at Ciklum, Serhiy Borona, assures that the company has clear rules for using work devices and accessing corporate resources, the main principle of which is to protect the data of clients, specialists and business processes. However, this does not prevent the company from using not only corporate laptops, but also the BYOD (Bring Your Own Device) model. «But only on condition that such devices are connected to corporate security systems and are centrally controlled,» he notes.

According to Serhiy Borona, corporate devices are under centralized management through an MDM (Mobile Device Management) solution, which allows you to control configurations, updates, disk encryption, security settings, and device compliance with company policies.

«This is a standard international practice for IT companies, which allows you to combine work flexibility with a high level of cyber protection,» he assures.

The use of personal devices, according to the specialist, is possible only after they are connected to corporate security and management systems. «Without this, access to work resources is impossible,» he clarifies.

Therefore, the use of third-party devices in the company is allowed exclusively within the BYOD model and only on condition that the device is officially connected to the company’s corporate security systems and meets the established technical requirements.

«The use of any other third-party devices that have not passed the procedure for connecting to the corporate security environment is not allowed and is limited by technical means. This is necessary to ensure the protection of corporate and client data and compliance with international information security standards,» Serhiy Borona clarifies.

Railsware also says that using your own device is only possible in certain cases and with security requirements in mind. «Our IT Security team will always help you configure everything according to our standards,» said Daryna Kuzmik.

Svitla Systems has a similar approach. The company shared that they have a model for allowing the use of their own laptops, which takes into account the specifics of the project and the employee’s consent to the installation of a management system from the company.

Software on work laptop: maneuver is limited

When it comes to software on a work laptop, companies' approach may be more or less strict depending on who owns the gadget — the company or the employee, but under any circumstances, control cannot be avoided.

«We have an approved list of permitted software (the so-called whitelist) that can be used on corporate laptops according to the needs of different departments,» Avenga notes.

Svitla Systems explains that employees are provided with standard software and specific software depending on the project, but «installation of software without approval is prohibited and technically controlled.»

Meanwhile, Daryna Kuzmyk from Railsware explains that all specialists are required to install mandatory security software on their first day of work (antivirus and, if necessary, additional security tools), and the recommended operating systems are macOS, Windows 10/11 Pro, or approved IT Linux distributions. «Windows Home is not allowed due to security restrictions,» she says.

As the Talent&Culture Lead at Railsware added, additional software must meet security and licensing requirements, so if the software affects corporate infrastructure, its installation requires approval from the security team.

Serhiy Borona, information security systems manager at Ciklum, reminds that the company uses a centralized MDM device control system, and it has a list of allowed, prohibited, and programs that require separate approval.

Such a control system, in his words, allows:

automatically block unwanted or risky software,
allow only permitted software,
forward new analysis requests to the information security team.

«Self-installation of programs without approval is not allowed unless it is provided for by a controlled self-install mechanism within the allowed list. There is a separate internal approval process for the use of AI tools, including information security and data privacy checks,» explained a Ciklum representative.

Almost like flies and cutlets. Work separately, rest separately

We also learned how strictly companies pay attention to the use of corporate laptops or other gadgets issued to their employees exclusively for work purposes.

«There are no formal prohibitions on private and „domestic“ use. Moreover, after a certain period of time, the device formally becomes the property of the specialist. But we take into account that the equipment is purchased for work, so priority work use and compliance with security requirements are expected, in particular, auto-locking the screen, disk encryption, automatic updates, etc.,» says Daryna Kuzmyk, Talent&Culture Lead at Railsware.

Instead, Avenga has established a clear demarcation. «Corporate technology is used exclusively for work tasks and is subject to appropriate policies and controls,» it noted.

When asked whether company policy prohibits the use of work laptops for non-work purposes, such as entertainment, games, or non-work communication in third-party applications, Svitla Systems briefly replied that «company policy provides for such restrictions,» without going into details.

In turn, Ciklum’s Information Security Systems Manager Serhiy Borona explained that according to the Acceptable Use policy, corporate devices are intended exclusively for performing work tasks. «Use for entertainment, games, or third-party unauthorized services is prohibited. Such restrictions are aimed not only at security, but also at the stability of device operation and the protection of corporate systems,» he explained.

Don’t look inside!

We also asked how limited employees of the listed IT companies are in taking independent steps to repair and technically improve their work gadgets. Here, most companies showed unanimity — independent repairs or other actions with hardware are highly undesirable.

Serhiy Borona from Ciklum replied that any technical work is carried out through the company’s IT support. «Ciklumer creates a service request, after which specialists conduct diagnostics and organize repair or replacement of the device,» he explained.

Daryna Kuzmik from Railsware said that in the event of a breakdown or need for repair, a corresponding request must be created, after which their operations team coordinates the process.

«If the repair is agreed upon, its cost is covered from the hardware balance. Independent actions without consultation may not be covered by the policy. In the event of theft, it is necessary to notify our security team and obtain confirmation from the police. If such a document is available, the company remains responsible,» the specialist commented.

Avenga shared that during onboarding, employees are provided with information on the procedure for action in case of technical malfunctions or the need to service a work device. «There is also always a well-known IT department, which is usually the first place everyone turns to, which supports and organizes the process of repairing and replacing equipment. Unauthorized repairs or any interference with corporate equipment are strictly prohibited, especially if the device is under warranty,» Avenga warned.

Svitla Systems also responded that the work on optimizing and repairing equipment is carried out by the IT team, but «in case of logistical problems, it is possible to involve an employee with compensation for confirmed expenses.»

Corporate technology — «carrot» or «stick»

Finally, we also tried to find out from IT companies how strict the sanctions they impose in case of violation of their internal policies regarding the use of work equipment and negligent treatment of it, which could lead to loss or damage to the device.

According to Serhiy Borona, Information Security Systems Manager at Ciklum, the company has an official procedure for managing cases of loss, theft, or damage to corporate devices, which provides for a clear and transparent algorithm of actions for the specialist and the company.

As Serhiy Borona told our publication in a comment, in the event of loss or theft of a device, a colleague is obliged to immediately notify IT support and the information security service, which allows for the prompt application of technical protection measures — in particular, remote blocking of the device, disabling access to corporate systems and, if necessary, deleting corporate data. He added that each case of loss or damage to equipment is considered individually.

«If the incident occurred due to a technical malfunction, natural wear and tear, or circumstances beyond the control of the specialist, the company will cover the costs of repairing or replacing the equipment. If the device was damaged or lost due to violation of the rules for using the equipment or negligent treatment, the issue of compensation may be considered in accordance with internal corporate asset management procedures,» he explained.

At the same time, a Ciklum representative assured that the main goal of this policy is «not to apply sanctions, but to ensure the protection of corporate and client data, as well as to promptly respond to potential information security risks.»

Railsware stated that they «do not work through the „whiplash method“ and monetary penalties.» «Our experience shows that for adult specialists, clear rules of liability and an appropriate hardware policy with a transparent financial model are enough. If a device is lost or broken and cannot be repaired, its value is not returned to the specialist’s hardware balance. In the event of loss or damage to a backup device, the market value may be written off from the hardware balance,» Daryna Kuzmyk told our publication.

Instead, the «gingerbread method,» in her words, is more relevant for Railsware. «For example, we provide the opportunity to buy back certain equipment that is de facto written off the company’s balance sheet for a donation to a charitable foundation,» she explained.

As the Talent&Culture Lead at Railsware added, such auctions take place regularly, and colleagues are happy to participate, because, in her opinion, it is a win-win — an opportunity to do a useful thing and get equipment in good condition.

«For example, in this way, our specialists exchange donations for laptops, professional cameras, monitors, and sometimes even e-books or more „rare“ devices, on which the first lines of code in the history of Railsware were written,» said a company representative.

Avenga shared that they have a developed policy that defines employee liability in cases of violation of the rules for using corporate equipment, its loss or damage, but assured that each situation is considered individually, taking into account the circumstances.

«For example, recently our employee was in an accident where corporate equipment was damaged (total, but only for the laptop!). On the contrary, we promptly provide replacement of damaged equipment and, if necessary, provide additional support,» Avenga gave an example.

Svitla Systems did not go into details, but also confirmed that the company’s rules provide for certain penalties for violating the rules for handling work gadgets.

In 2025, Ajax Systems hired almost 700 specialists, while Sigma Software, on the contrary, lost 132 people. How the staff of the largest IT companies in Ukraine has changed

Ministry of Digital Affairs employees use AI-based software on their laptops that tracks cyber threats

Two IT companies dropped from Forbes Ukraine's list of the largest businesses. Now there are only six