"The mature IT organizations that bring network security people to the table during the decision-making process are the ones who are doing the best job," Lobel says. "And people need to have these conversations about the risks and solutions in business terms so that everyone involved understands; it's hard to tell the CEO no when he wants something, so it's important to explain things in way that everyone grasps."
The mobile security ecosystem
Where there is cause for concern, there are market opportunities, and security software makers are moving quickly to cash in on the demand for more sophisticated mobile security.
One company, F-Secure, is sourcing its security applications through wireless carriers in an effort to stake a claim in the mobile device space. The Finland-based security vendor has signed deals with a range of leading European mobile operators, including Vodafone, T-Mobile, and Orange, to make its security tools -- which include anti-virus applications, firewalls, and encryption technologies -- available under the carriers' SLAs. F-Secure is looking to extend this practice in the United States in the near future.
According to F-Secure officials, bundling security into wireless contracts and allowing operators to offer additional device defense services will prevent enterprises from having to deal directly with a wide array of vendors, thereby securing mobile initiatives in a more cost-effective manner. Moreover, with security part of the package, end-users will also be more likely to use their smartphones in more interesting ways, says Curtis Cresta, general manager of F-Secure North America.
"The critical mass of smart device users is changing perceptions of adoption; much as with laptops, there has been a natural evolution with security, and a growing number of enterprises are now coming to us for advice," Cresta says. "For instance, there has previously been a bit of resistance to pushing business applications out to handhelds, and applications companies have even come to us looking for help selling their products, but the market appears to be coming around, and having better security available from the carriers is a significant part of that."
Wireless operators themselves are looking to benefit from the greater emphasis on mobile security, as some are already marketing what they describe as mobile lifecycle management services, which promise to offer end-to-end security capabilities.
Sprint Nextel, for example, offers Sprint Mobility Management. Available for roughly $8 per user, the portfolio includes compliance, data protection, and anti-virus services for handhelds, along with other nonsecurity capabilities.
Sprint executives contend that wireless operators, which have existing relationships with device makers, operating system providers, applications developers, and the like, are best positioned to pull together a comprehensive set of security features and to free user organizations from trying to manage them all on their own.
"Security concerns have slowed down adoption of smartphones in the past, especially with high-sensitivity organizations operating under regulations and compliance concerns," says Stephanie Burnham, product marketing manager at Sprint. "We're trying to recognize these concerns and help organizations get over the obstacles that prevented them from using all the mobile business applications they might otherwise adopt."
Learning from laptops