In view of the proliferation of mobile computing devices, it is surprising how few are appropriately secured against the financial, legal and regulatory risks associated with the potential exposure of sensitive data. Probably fewer than 10 percent of the mobile devices used by major organizations have any serious protection for stored data. This vulnerability persists despite annual CSI/FBI studies that document substantial financial losses associated with theft and exposure of confidential data, as well as stringent federal regulations governing the security of private data collected by a broad range of financial and healthcare organizations. States are also enacting tough new laws, such as California SB1386, which requires companies to notify residents of any actual or potential incident that threatens the “security, confidentiality or integrity” of private data. It is little wonder that security tops the list of concerns IT managers expressed about mobile devices; 91 percent worried about protecting data on mobile devices and 72 percent worried about the theft of mobile devices.
To begin, it is useful to think of mobile devices as self-contained networks, needing essentially the same types of security measures as enterprise networks, specifically access control, user authentication, data encryption, a firewall, intrusion prevention and protection from malicious code.