Content is critical
As you consider how to secure your organization's mobile devices, you want to take a look at the content stored on the smartphones that access your network, as well as on the removable flash cards used with them. Such content can be secured in a variety of different ways, depending on the device.
Your options may include requiring employees to use a power-on password, so that after N number of failed attempts to log on, the data stored on the device is wiped. Or you might consider encrypting data stored on the device or any flash card used with it, or using a device management solution that allows an administrator to remotely wipe the data in the event the device is lost or stolen.
In addition to data storage, you should consider controlling which applications are installed on the device. Some smartphone security solutions, for example, allow configuration of an "accept list" and "deny list" to restrict which applications can run on a mobile device. However, keep in mind that while this is helpful in controlling the applications the user is able to execute, it may not fully protect the smartphone from executing programs that have been compromised.
You may also want to restrict the operating system to allow only digitally-signed applications to execute on the smartphones. These applications can be signed by the company or certified by the operating system manufacturer. Third-party applications, including viruses and malware, would not be allowed to execute on the device in this scenario because they are not signed by your company. This approach provides the highest level of security, in which you exercise control on an application-by-application basis.
Some smartphones can also be configured to use your company's rights management system. In the enterprise, those systems are used to prevent unauthorized access to data-and with a smartphone, can prevent unauthorized users from viewing data regardless of their location. Further, when an employee is terminated, all access to content stored and controlled by the rights management system on the user's device can immediately be made inaccessible to the user.