Security-conscious

The obvious solution to this is to devise policy documents and train staff to be aware of security issues. Staff members are rarely savvy about security and a lack of understanding can lead to errors. They are often working to meet deadlines and such pressure can lead to shortcuts. It is not unusual for pressurized staff to take copies of documents relating to their work so that it can be finished at home.

The best practice is to disable any port that can be used for copying. USB ports are obvious candidates, but there are also issues with Bluetooth, Wi-Fi and CD/DVD drives that must be addressed.

Huggins says: "Questions that must be asked are, do you have Bluetooth open to the world? Are you connecting to the internet constantly? It's more to do with the configurations of the devices rather than the software security that is deployed on them. One interesting thing I have seen deployed on BlackBerry Enterprise Servers and also on other mobile manufacturers' offerings is a 'remote-kill' feature. When you have a standard platform, you're able to put in a server that can send remote-kill commands. If a device is endangered, you press the button and it eradicates its memory and kills itself. This is incredibly valuable, especially when combined with local device encryption."

Various companies, including mobile device suppliers and network operators, aside from BlackBerry manufacturer Research In Motion, are starting to offer remote-kill facilities. There is also a burgeoning market for remote-kill services for laptops. In these cases, it is wise to ask what kind of service is being provided. Does the erasure process only delete files, or does it overwrite the data on the disk? If it merely deletes data, then an undelete application, freely available for download on the web, can retrieve the files.

Encryption protection

There is no substitute for encrypting information to protect mobile data. It is common practice to encrypt transmitted data, but not many people encrypt hard drives, optical discs, backups and USB drives. Huggins believes that this is essential. "If we're talking about laptops, I advise full disk encryption,' he says.

"Some people seem happy to go with encrypted areas of the disk, where people are supposed to put secure files. Good security in business is about people making the best decisions based on training awareness and policy, but technology should also support them because they may not necessarily make the best decisions. Full disk encryption means people don't have to be relied on to make the right decision -- it's just done."

The idea is to reduce the value of any stolen device to the hardware costs. The harder it is to get at the data, the less valuable the device becomes to professional thieves seeking industrial espionage potential. Eszter Morvay, senior research analyst for European personal computing at analyst firm IDC, feels that even more protection is required.

"In terms of security, there are three things to consider," she says. "Nowadays, it is good practice to ensure that any business notebook comes with a biometric fingerprint reader on board, as well as disk encryption. The second element is being provided from an original equipment manufacturer perspective. When Intel or AMD design a new processing platform, security is one of the key features they focus on. Basically, you get additional pieces of software that work together with the processing platform to enable higher data security and higher data integrity, though how much this can achieve is debatable.

"The third element is putting really secure software, such as McAfee, Symantec and Check Point ZoneAlarm, on top of the operating system to offer all-around protection," explains Morvay.

"The principal shaper of future security policies will be governance regulations," she adds. The onus is on companies to prove they are taking all possible measures to protect sensitive information -- and that requires a massive amount of work to increase the awareness of employees to best practices. The size of this task may change the face of future infrastructures, especially on the client side.

Morvay explains: "There are several client solutions emerging at the moment that have no hard drives or USB ports. These thin clients are basically access devices. When you type in your username and password, the remote server allocates processing power and the applications you are going to be using."