My company is considering purchasing new smartphones for all employees and I am concerned about the implications of what this means for tracking our sensitive data. What are the special challenges of protecting data in an increasingly mobile workforce, and how can I meet my data protection goals?

Hot mobile products such as the iPhone and Blackberry are now everywhere in organizations, but with these products come new challenges.

iPhone slurping challenges have been seen by many companies - the 16G of storage on the iPhone is used as a USB drive to extract information from company terminals. With the large amount of storage on these devices, the loss of this data represents a huge exposure risk. Obviously, mobile phones are not the only vectors of exposure. Large USB drives, WiFi networks, and Bluetooth networks all put data at risk. The model of protecting organizations secrets by erecting a huge wall and guarding it no longer works.

The first step to protecting an organization's data is to define what data needs to be protected. This is not a trivial problem, rather one that if often outside the knowledge and expertise of an information security team. How can an information security team know all the information to protect? This is where either information taxonomy is critical or data-at-rest scanning tools are key. Information taxonomy reports are created by working with departmental stakeholders to identify what information is most critical and what the intended uses might be. The alternative is to use data-at-rest scanning solutions that, once plugged into an organizations network, can discover what information exists and where. Armed with this knowledge precautions can now be taken.

Smartphones send e-mails through corporate e-mail servers. The information leaving from these servers can be analyzed by opening attachments, examining the text of e-mails and then making decisions. From this perspective it does not matter if the smartphone sends information or if it is sent from a desktop machine.

However, how does an organization protect against the loss of information using smartphone storage disks, large USB disks or even WiFi networks? Similar to how anti-virus products scan information entering or leaving a terminal, data loss prevention host-based technologies allow for full content-based analysis of information being moved to a smartphone. These agents are armed with policies around the content that needs to be protected as well as documents that are sensitive thus providing protection for all content that is leaving from the terminal. With broad content protection checking all information leaving a machine and a network, it no longer matters how information is accessed and communicated. With the right tools in place, smartphones can be used easily and with little risk to an organization.