It's open slather for mobile devices in many enterprises where their usage and management is a policy-free zone.
An exclusive poll of Computerworld readers showed that despite the significance of the corporate data mobile devices hold, very few IT managers had usage policies in place or a broader mobility strategy.
Only one in five organizations surveyed had introduced usage policies, which means users in many companies can literally walk out the door with the company's crown jewels.
Mobility strategies are a hit-and-miss affair, the Computerworld poll revealed, with most organizations practicing mobility but without policies to govern the use of a multitude of different devices.
University of Sydney team leader of enterprise systems Craig Hamilton runs a wireless network for notebooks and other devices, including Blackberries for senior executives.
And while Hamilton cited security as the most critical challenge in governing mobility, the university has no specific policy for use of the devices.
"We just have a general computer usage policy in place," Hamilton said, adding that because it is a university, IT has to be "fairly open" with mobility.
At Ausco Building Systems, the usage policy IT manager Ian Mascord enforces is based on cost, which is why mobile phones are covered but not Blackberries.
"It becomes a support nightmare if you let all different personal devices come in," Mascord said. "I think the main challenge with these sorts of devices is defining what you allow to access the network, what data gets transferred through the devices and what applications are used on them."
The mobility revolution may have caught many IT managers off guard, but IT director David Leong at law firm Arnold Bloch Leibler (ABL) has had a central policy since mobile devices were adopted to increase staff productivity and improve customer service.
"Mobility is an easy trap to fall into, because the barriers to entry aren't there anymore," Leong said.
The strategy, he said, should be about capitalizing on remote access and securing data.
"Our strategy is to have central control of the device," he said. "The Blackberry is good because of its security and central control and if someone has lost it we can delete the information remotely."
Leong said people taking company information out of the enterprise on mobile devices is the main problem, including e-mail, which may have sensitive information in attachments, downloaded to a notebook.
To prevent this, ABL's policy has been extended to notebooks where e-mail replication has been replaced with a Citrix environment so employees are no longer downloading information to public access points.
"Also, we use multifactor authentication, so if a notebook is lost you would need a token and password to access corporate systems," Leong said. "And we can kill a token."
Don't be too complacent with a mobile strategies, Leong says, as there are plenty of pitfalls and "you can easily fall into a trap".
"If you don't plan properly, you can invest in the wrong devices and have the wrong strategy," he said. "Consequently you can open up a list of problems for your organization; [for example] mobile viruses can potentially affect the whole enterprise."
Ben Dallenger, Puma Australia's information systems manager, says his organization has policies in place to govern mobility, including a specific security policy.
"We do have a few mobile devices, such as mobile phones and Trio Handsprings, [with] Lotus Notes on them," Dallenger said. "I think policies in this area are basically dictated by the technology advancements, especially wireless, and we'll move ahead as the technology does."