Not just an important topic for the IT department, secure mobility is an integral topic that everyone in an organization should be aware of and be responsible for as we are a part of today’s extremely connected environment.

As users, expectations of secure mobility must not be compromised to be lower than current levels of service enjoyed in the fixed domain. This means organizations must learn to recognize that security needs of smartphones are equal to that of laptops. And for business decision makers, there is a need to understand that in order to truly get the most out of their mobile workers, the foundations have to be set right. Business professional users that integrate mobile devices into their working lives represent a range of threat and vulnerability risk profiles.
The real security threats are manifest in terms of how personal and corporate information is exposed to compromise in storage, during access and whilst in transport as well as some simpler form factor driven physical threats, such as theft or loss. User/User Group 'Operational Exposure' needs form a core component of the business threat assessment, before appropriate mobile security solutions can be prescribed for mobile devices.  

Mobile security is not simply a type of software or solution: it is a combination of solutions that together best meet the security policies and practices of the enterprise. It is useful to remember that business solutions also have their own security elements.

Mobile workers require remote access to databases and other host resources. For enterprises, it is essential to be able to control and manage access to corporate resources effectively. Only authorized and authenticated users can be allowed to access information or corporate services. Mobile access technologies also need to provide confidentiality, to prevent unauthorized parties from eavesdropping or interpreting the transferred information.
In addition, secure links retained when the network changes.

A trusted device is a result of combining building blocks, e.g. a secure run-time environment including an operating system such as Symbian or Java. This is enhanced by SIM and other hardware related features. In addition software solutions are used to prevent/mitigate the kind of threats associated with the Internet. Enhanced security solutions are emerging for the mobile business environment: examples include mobile device anti-virus software, VPNs (Virtual Private networking), firewalls and intrusion detection systems.

The threat of mobile devices being compromised by the same information security exploits that we have seen in the worlds of the desktop / laptop and other corporate computing platforms is very real.  The factors surrounding the progression of the threat start with the two fundamental facts

1. Mobile computing devices have an identity on the Internet and corporate networks and are therefore subject to the same network transmitted/propagated security exploits as we find for desktops / laptops
2. Smartphones and small computing platforms today possess approximately the same computing power that would have been found on laptops and notebook computers two or three years ago.

Memory, bandwidth and network identity are three factors that influence the scale and propagation speed of an 'outbreak'.  With each new product release, mobile devices increase each of these capabilities.  The good news is that, the lessons learned by the industries involved in the development of the Internet, ICT and Information Security industries are being brought to bear on the information security solutions for mobile devices.

Increasingly information security is factored into discussions of corporate governance, and so the level of professionalism and accountability required in selecting the appropriate tools to best secure corporate information assets is not one to be taken lightly.  Tools for the corporate information threat categories of 'data in storage', 'data access control ', and 'data in transmission' are very well developed, building on solutions developed for PCs and notebooks.  Tools in these categories, include, personal firewalls, file crypto solutions, personal anti-virus applications as well as mobile VPN (IPSec/SSL) remote access technologies. The 'personal mobile security tools' are pretty well understood by consumers and professional users, however for an enterprise with the needs of a business and multiple users to address, the challenge expands as do the toolsets to address the challenges.

As the requirement evolves beyond the needs of individual users, the enterprise mobile security toolset requirements need to factor in other less immediately obvious tools and solutions sets, such as 'full lifecycle device management for: issuance, maintenance, and decommissioning of mobile device fleets, software upgrades and security patches, and administrator controlled disablement (device lock/device wipe) of specific devices, at the end of service life as well having this option during a threat window or compromise through loss or theft'.

Mobile device management is also critical in providing the IT manager with powerful tools to remotely control and protect corporate data on the device and configure devices via device wipe, device lock or task management, application management and customization. Operators have the opportunity to offer device management services to capitalize on this need. In addition, software solutions are used to prevent/mitigate the kind of threats associated with the Internet. Similar security solutions are available for the mobile business environment: examples include mobile device anti-virus software, VPNs, firewalls and intrusion detection/prevention systems.
Business mobility is the ability to provide secure information at the point of business. Empowering workers with vital information at the point of business will create new value for organizations and management across the industries is catching on very quickly.