As mobile devices become more powerful and more widely used, security has become the proverbial elephant in the room. Everybody knows there is an entirely new set of security issues that come into play, but few people are sure what to do about them. The excitement to deploy mobile content can make companies and organizations compromise or even overlook the security implications. 

The convenience of mobile devices is also their downside. A portable item that can have access to your work, and personal information is easy to misplace or be stolen. PIN security codes help to protect that information somewhat, but the only way to truly protect the information on a device is a mobile wipe. Of course, that task must be completed in a timely manner, when you need to truly keep your information from falling into the wrong hands. 

Custom applications for mobile devices are another problem area. Whether they are native code or mobile web apps, if they are accessing remote data, there is a risk. Researchers are finding that most mobile apps (more than 50 percent, and nearly 90 percent of third-party apps) do not use secured connections for data access. Something as simple as requiring SSL connections can help protect important and confidential data. 

Another concern as mobile devices are used more frequently in the corporate world is that they add new vectors for potential threats. The devices are using new operating systems that don’t fit with most security vendors’ software offerings. Some internet security companies, such as Symantec and F-Secure, have recently introduced security software for mobile devices, but they don’t work with the integrated security systems that most IT departments already have in place. 

Some companies may be relying on their network security gateways to provide protection for mobile devices, until users switch to mobile connections and bypass those methods entirely. This adds the risk of a mobile user accessing a compromised file and bringing it into the network, bypassing security controls. Add in the already known issues of unsecured wireless networks and Bluetooth vulnerabilities when mobile users are outside of the office, and it is easy to see why some corporate IT departments are nervous about the proliferation of mobile devices on their networks. 

After hearing all of that, it might seem like mobile security is nearly impossible to achieve. It is easy to become paranoid about vulnerabilities when you start researching security issues. 

The good news is that there are some positive points to talk about as well. The new mobile operating systems run apps in separate memory spaces that make it more difficult for potential viruses to hijack a device. The review process for iOS apps and the new security requirements for Google Play should help keep apps more trustworthy. 

The mobile device makers are taking the issue seriously, as well. They understand that people want their devices to be secure and are taking steps to improve security in the future. 

So what’s the answer? 

As with any evolving technology, use common sense and caution. Don’t rush into content mobile delivery. Create a standard of best practices for your mobile users, and then distribute the information through all of your regular channels, such as newsletters and your intranet site. You can also consider procedures, such as requiring PIN codes, setting up a remote wipe method, and considering data encryption.

The most important step is to find a comfortable middle ground between security and ease of use. As mobile devices become cheaper, if your policies are too restrictive, users can easily buy and use their own phones or tablets and circumvent all of the protection that you put into place. Mobile devices should be used to make tasks more convenient. Keep them that way, and everyone will be happy.