As if you didn't have enough to worry about, in today's business climate you must not only find ways to ensure compliance with corporate data use policies, you have to include those rogue laptops and other wayward mobile devices in your management approach.

Mitch Irsfeld, Contributor

September 6, 2005

Is that a good thing, or bad? As if you didn't have enough to worry about, in today's business climate you must not only find ways to ensure compliance with corporate data use policies, you have to include those rogue laptops and other wayward mobile devices in your management approach.

And that can change your whole approach. We keep coming back to security, or the lack thereof, as one of the pillars of compliance management, and for good reason. With mobile devices such as cellphones, PDAs, laptops, and the array of removable storage media for those devices, the threats are doubled because the data is still exposed to networks (internal and external) and also more susceptible to physical threats (theft, damage or getting lost).

Since the only way to prevent security problems or noncompliance with mobile data is to not allow the use of mobile devices, most IT managers are doing the next best thing, instituting policies around what data is allowed on these devices.

Policies that require the encryption of private data, or software that performs the encryption automatically, seem to be the most effective, according to the IT Architect article, "It's Audit Time. Do You Know Where Your Private Data Is?" But what about the cryptographic keys? Since the mobile devices themselves are not designed to sit safely behind corporate firewalls, the keys need to go with them, and that defeats the purpose, so some vendors of mobile devices are using dedicated PKI chips.

And then you have to decide what gets encrypted and build policies around it. Yes, life was easier without mobile devices. But Rebecca Herold, an information privacy, security, and compliance consultant, author and instructor, has some advice about those policies. In her "Top 10 Mobile Device Privacy Policies," Herold outlines 10 things you can do to reduce the risk that confidential information will be accessed from lost or stolen mobile devices.

As your users access confidential data from both the network and from mobile devices, authenticating their access becomes more complex. There are still issues to resolve, but the new standard, SAML 2.0, is making federated identity management technologically viable and may finally pave the way for single sign-on (SSO). But as the article "ID Keepers Hit The Mainstream" points out, you still have to appoint someone you trust to control all those identities.

For more on that, check out the review of Red Hat's open source Certificate System 7.1.
