Job 1: Protect Mobile Data, Not Hardware

Until the last year or so, the biggest worry about managing mobile devices was loss or breakage. Those days are gone—forever.

Today, mobile devices, including smart phones and personal digital assistants, hold critical corporate data, says Sarah Hicks, vice president of strategic opportunities at security software provider Symantec. Of 350 corporate smart-phone users Symantec surveyed last year, 60% stored confidential business or client data on their phones and transferred confidential business and client messages—to say nothing of personal confidential data, admitted to by 56%.

With so much sensitive information now on portable devices, securing them has become a major concern. Research from Gartner finds that CIOs currently rank mobile security and workforce enablement right behind business intelligence applications as their top technology issues.

"This confluence of capability creates a fully functional device in the palm of your hand, but with none of the security features of a notebook or desktop," says Mark Komisky, CEO of Bluefire Security Technologies, which provides mobile security services for these always-on devices. "Companies now think of them not only as a device that could be hacked, but one that could be damaged, allowing viruses to attack networks."

Indeed, many employees still buy their own devices and then hook into corporate networks. Companies supply only 38% of the devices used by their employees, according to an early 2006

In-Stat survey of smart-phone acquisition.

"Organizations see mobile devices as an enabler. There are certainly risks—they're aware of them—but the benefits offset the risks," tells Stacey Quandt, research director at Aberdeen Group. Quandt recently tracked internal threats, including to/from mobile devices, in "The Insider Threat Benchmark Report: Strategies for Data Protection."