"It's really important in planning a mobile deployment of devices outside your firewall, that you establish a mobile security strategy, including application security," says Scott Totzke, vice president of the Global Security Group for Research in Motion. That means creating a comprehensive security scheme that can be monitored and enforced through a collection of software products, enforceable policies, and user awareness and training.
A key element in this strategy is handling the software that users can, or can't, load on these devices, Totzke says. "You create an approved list of applications, and the privileges they have when they're running on the handset," he says.
Unauthorized downloads can be blocked, and so can unauthorized actions by "legal" applications.
One emerging option, already established in Europe, says Stan Schatt, vice president for wireless connectivity at ABI Research, is a managed service for mobile security, such as the one recently unveiled by Sprint. For a monthly fee, the carrier pushes out regular patches and security fixes. Some vendors, such as Fiberlink Communications, offer a managed service for mobile security.