Make sure your employees have a phone that is more than just cute – it’s secure

Handheld devices present IT departments with a unique set of support challenges. "Users view handhelds as personal devices and treat them that way rather than as important corporate assets," says Ken Dulaney, vice president at Gartner Inc. Consequently, he adds, new security holes are emerging and IT departments need to fill them immediately or they run the risk of encountering catastrophic problems. The rapidly growing processing power and storage capacity of these devices are making employees significantly more productive when away from their desks, so they're gaining a high profile in the enterprise. Hewlett-Packard Development Co.'s iPAQ hx2795 Pocket PC, for example, features 384MB of memory, integrated Wi-Fi connectivity and a 3.5-inch display.

So the first step in securing mobile devices is figuring out who has them. "There are always a lot more handhelds accessing company networks than the IT department thinks there are," says Jack Gold & Associates' Gold.

Even though users may not turn to the IT department for help buying these products, these departments are responsible for them. Because of recent changes in federal compliance regulations, the IT department needs to put checks in place to make sure that data accessed via handhelds is protected. Currently, handhelds represent an area where such checks are likely missing.

Analysts estimate that as few as 10 percent-and at most 35 percent- of organizations now have policies in place that outline how to secure handheld devices. Without such policies in place, companies are running a risk. E-mail systems are another area where reliance on handheld systems is increasing. One reason for this is the more advanced functions of the systems. What has helped in this regard is Microsoft's decision to begin bundling Exchange Server Service Pack 2 and Messaging and Security Feature Pack (MSFP) software in Windows Mobile 5.0. This lets users send e-mail messages and contact information to handheld devices over cellular networks, something Microsoft calls Direct Push.

Microsoft is committed to ensuring that all endpoints are as secure as possible and that IT can be accountable for maintaining adequate security. Entire article