And it's not just the Feds who have mobile security and encryption in mind. Private organizations in the health care, financial services, and manufacturing sectors also confront significant mobile information security issues, particularly those affected by data-handling regulations such as Sarbanes-Oxley and HIPAA. As these organizations distribute handhelds to senior executives and work through initial pilot programs, they gain a better understanding of related security implications.

"Mobility is bringing more functionality into enterprises as the devices expand, and there are great productivity gains, but on the flip side the costs of downtime and impact of potential data loss have increased significantly," says Kara Hayes, senior product marketing manager for the security and mobility connectivity group at Nokia. "As people look at ways to roll out these devices to a larger community base, they want to be able to manage security centrally and gauge the impact with their existing security operations."

Hayes says security concerns most commonly voiced by enterprise customers include issues related to lost devices, use of unsanctioned handhelds or mobile applications, and the potential for hackers to hijack the machines' wireless data transfer systems.

The technological solution that appears to be generating the most interest among enterprises of late, Hayes says, is encryption, with companies increasingly seeking ways to tailor the security feature to different sets of users.

"With encryption, companies are figuring out that they need to know who the users really are and what type of functions they are going to use; they understand that they need to have different types of policies and deploy different levels of encryption to the necessary users, and not necessarily everyone," Hayes says.

"If an individual is a hard-core user of e-mail, messaging, or mobile [CRM] tools, they are at higher risk and need this type of protection," Hayes says. "Having different policies in place makes it easier to manage deployment across an entire mobile user base."

Secure by integration

One of the issues Nokia stresses with smartphone customers is the need for organizations to synchronize mobile device security with back-end network protection to ensure that administrators can isolate potential weak points in their overall infrastructure.

And consultants agree that a comprehensive security strategy is vital for preventing headaches down the line.

If mobile device security is handled without direct consideration of its impact on other IT operations, issues of interoperability and compromises in protection will be inevitable, says Mark Lobel, principal for advisory services at PricewaterhouseCoopers.

"The problem and the opportunity with these more powerful mobile devices is that the data is now everywhere users want to carry it, and people sometimes bring the technology onboard in consideration of the benefits without considering all the risks," Lobel says.

"The mature IT organizations that bring network security people to the table during the decision-making process are the ones who are doing the best job," Lobel says. "And people need to have these conversations about the risks and solutions in business terms so that everyone involved understands; it's hard to tell the CEO no when he wants something, so it's important to explain things in way that everyone grasps."

The mobile security ecosystem

Where there is cause for concern, there are market opportunities, and security software makers are moving quickly to cash in on the demand for more sophisticated mobile security.