One of the popular items in the information technology field these days is no doubt the explosion of the mobility market.  In my network of colleagues each seems to have their own opinion as to why their iphone, android, blackberry, or whatever...is the best device for them.  One recently showed me how he can point his iphone at the sky and it will provide a guesstimate of the name of the star it's pointing at along with a information about it! 

As has been the trend in the past, this sort of explosion leads to the development of literally millions of lines of software (ie apps!) and consequently increasing complexity on the device.  This is a generalization as I will make note that the software development industry is always focusing on improving security in the software they develop.  Or at least most of the good ones are always trying to improve.

In my humble opinion though, this increase in complexity leads to a greater likelyhood that the overall security of the device will be reduced. 

Consequently many of the players in the information technology field are enhancing or developing security based solutions for the mobile devices.  You probably have already heard or will soon of the development through organizations such as Symantec, McAfee, Cisco, and Juniper Networks. Additionally there are smaller but well positioned organizations making a play in the market such as MobileIron and Boxtone.  Each of these companies are providing solutions currently running in enterprises around the world.  Comments and feedback as to other manufacturers of security solutions that have strong solutions are welcome!

With all of this buzz business decision makers and owners should at a minimum consider the following as key areas of concern.

First, develop a security policy for how mobile devices should be handled by employees.  In particular the policy should note how sensitive data is to be managed.  Once the policy is developed, as always, ensure to communicate and train employees on the policy consistently.

Second, as virtual private network solutions are developed and corporate applications are leveraged on mobile devices, consider quarantining and scanning unmanaged devices prior to allowing entry into your corporations network.  Unmanaged devices are those devices that the employee has purchased and owns.  Unmanaged can also be considered guest devices from vendors or partners that are provided authorized access to the corporations network.  Since unmanaged devices are more difficult to lock down and manage, scanning for unwanted viruses before providing entry is critical.

Finally, implement a solution that does a remote wipe of data on the device.  This is essential, especially with compliancy, as employees will lose devices and devices will be stolen.

There are solutions that exist presently that can handle all of the items above, so research what's available and again feedback is welcomed on 215Secure's blog!