In view of the proliferation of mobile devices, it's surprising how few are appropriately secured against the financial, legal and regulatory risks associated with the potential exposure of sensitive data. Probably fewer than 10% of mobile devices used by major organizations have serious protection for stored data. This vulnerability persists despite the annual Computer Security Institute/FBI studies that document substantial financial losses associated with theft and exposure of confidential data and despite federal regulations governing the security of private data collected by financial and health care organizations. States are also enacting tough new laws such as California SB 1386, which requires companies to notify residents of any actual or potential incident that threatens the "security, confidentiality or integrity" of private data. It's little wonder that security tops the list of concerns IT managers expressed about mobile devices; 91% worry about protecting the data on mobile devices, and 72% worry about the theft of mobile devices.

Since mobile computing is a permanent feature for business, every organization needs to reassess its risk. One benchmark concept for securing mobile devices is to create "virtual physical access control," which means security equivalent to that of a PC in a locked office. Furthermore, as many devices are now being directly connected to the Internet, we must also consider the measures necessary to prevent unauthorized electronic access by remote hackers. Finally, organizations need to look at the infrastructure necessary to deploy and maintain physical and electronic access controls on large numbers of devices.

[ Read more ]