We often talk about mobile device security in terms of the latest worm, virus or attack that the "bad guys" are planning to launch onto the Palm, BlackBerry or Pocket PC devices.

Most companies probably don't realize that their corporate data is threatened more by the actions of the "good guys" - the employees in the company who are using the devices. An employee plugging in a USB thumb drive into their laptop has just exposed a potential vulnerability greater than a cell phone virus that may or may never get downloaded onto their device.

For large companies, getting a handle on what employees are doing with their notebooks and portable devices is the first step in providing a comprehensive security plan for secure mobility. I had a great discussion recently with officials from Trust Digital, which just released the latest version of its software, Trust Digital 2005. The software provides a security platform that not only identifies the types of vulnerabilities on mobile devices (laptops and portable handhelds) but also offers a policy-based approach to secure the corporate data on the devices through encryption.

Knowing what employees are doing with the mobility is key, says Nick Magliato, CEO at Trust Digital. For example, if a company figures out that the accounting department is connecting USB thumb drives to their notebooks, but not PDAs, the company can block the connection of PDAs, but allow thumb drives. "Once you figure out what employees are using their mobile devices for, you can then say, 'This group needs this set of policies, and the other group needs something else,'" Magliato says.

The Trust Digital 2005 platform includes a visualization tool that gives companies a snapshot of their mobile data risks, thus handling the first step of finding out what users are doing. Once policies are established, the system can approve that only certain data, applications or devices have access to corporate data. Magliato says encrypting only the corporate data is more efficient than other systems that encrypt everything (encrypting and decrypting on a mobile device all the time ends up draining battery life), or require passwords for every application on the device.

The new software costs about $100 per device, Trust Digital says, and includes the software, policy engine and infrastructure server components.