4. Try to expand your endpoint security policy to mobile endpoints (URL filtering/AV/media handling/firewall), but do not get overexcited: only deploy the solutions that work. It is a good idea to implement these solutions at the enterprise gateway (proxy all network connections) instead of on resource-limited mobile devices. URL filtering in the cloud is a very good example.
5. Try to expand your corporate phone system to your smart devices. There are soft clients that extend to mobile devices seamlessly, so that all voicemails/extensions/DIDs work on your smartphones. Again, do not get overexcited. This expansion will carry over your existing security to mobile devices.
6. Use 802.1X for the wireless VoIP clients on the smartphones.
7. Manage authentication with certificates (preferably on the SIMs).
1. Do not block all third-party applications. Have a process to approve applications. Create a whitelist for approved applications. 'Blocking' is not the keyword; the keyword is 'controlling'.
2. Do not allow unmanaged devices to access and retrieve classified data (and if you do not have data classification, please implement it). The data on unmanaged devices should be treated as lost (it will be). If you allow unmanaged device access, make sure that you manage the risk.
3. Do not install more than one security client on mobile devices. If possible, do not install a client at all. The devices are already slow; maybe that will change in the future. Focus on network-based security solutions.
4. Do not make these devices slower or more complicated for end users; your projects will be terminated regardless of their security merits.
5. Do not allow every single carrier. Try to standardize endpoint device types and the carrier.