It's fear of copyright lawsuits and even having the Business Software Alliance convince federal marshals raid the business.

It's fear of malware.

It's fear of data being locked up in the format used by an employee's personal tool.

Above all, it's fear of being held responsible for any of the above.

It's also a fear of being not needed.

And the best way to avoid all first 3 is doing your job and giving them the correct tools the employee needs (even for the things they don't "strictly" need for work but might be useful)

Yeah, it seems like the VP's choices were A) risk IT security or B) guarantee total personal career failure

Having the resources to install a CRM for someone this year is a fundamental part of any properly equipped IT department.

Can you call your IT security strong if you are dangling irresistible incentives to break the security?