Security remains mobility's weakest link

From top-level execs to workers in the field, enterprise end-users are growing increasingly dependent on anywhere, anytime access to essential corporate data and apps. As such, the call for an effective, business-critical mobile initiative is fast becoming the norm for organizations of all sizes.

[See related story: Mobile malware to pose significant threat]

But with greater exposure to information technology assets comes greater information security risks. And just as enterprises replace conventional mobile phones with newer handhelds that offer datacentric tools and access to sensitive information, IT departments are increasingly being forced to retool their data defense requirements to account for smartphone and PDA use.

"Organizations are thinking about the BlackBerry or smartphone as an extension of the computing network, and as a terminal that's carrying a lot of sensitive enterprise data," says Scott Totzke, vice president of the global security group at Research in Motion, maker of the BlackBerry handheld device. "We're hearing more than ever from customers looking at protecting data on the device. They want tools to kill information or lock it down when a handheld is lost, they want to encrypt sensitive data in transit and at rest, and there are growing concerns around compliance."

Although Totzke denies that security concerns are slowing down enterprise uptake of RIM's BlackBerry devices, he admits the issue has made his company's sales process "more complex," as customers are going to greater lengths to ensure that data on handhelds is adequately protected before they buy.

One such customer, FOWGroup, supplies IT services to the U.S. Department of Defense, among other federal agencies.

In working with the Pentagon's IT leaders on mobile device adoption, including an ongoing project to replace 1,200 existing handhelds with new BlackBerries, executives at the consultancy say that security concerns have become a primary focus.

In May 2006, the highly publicized theft of a Department of Veterans Affairs laptop containing millions of servicemen's records led to a series of heated debates on Capitol Hill. Since then the emphasis on making information security a central part of the hardware procurement process has shifted to the fore, including for handhelds, says Will Alberts, chief executive of FOWGroup.

"No one wants to end up on the front page of the newspaper, and everyone recognizes that the additional capability of storing more data on the device opens new risks," says Alberts, who is also a member of the National Security Administration's Joint Wireless Working Group.

"Senior leaders can't get enough of these types of devices," Alberts adds. "And sometimes their concerns around security are less than you hear from IT, but there's no question that the information-protection issue has become a central consideration for everyone."

Encrypted mobility