Thursday, August 03, 2006

Mobile enterprise security starts with policy

searchmobilecomputing.com has a nice, lengthy article on the importance of policy for mobile enterprise security from an end-user, device and infrastructure perspective. Jack Gold at J. Gold Associates and Daniel Taylor at the Mobile Enterprise Alliance provide some insightful commentary in the article.

Instead of trying to summarize the entire article, here are 10 steps to mobile security -- broken down into specific areas -- as outlined by Jack Gold of J. Gold Associates:

End users:

  • Set policies, document and get user buy-in
  • Enforce policies on mobile devices for all users
  • Review and update policies regularly, as things often change

Devices:

  • Make sure password protection is set to "ON"
  • Include updated personal anti-virus and firewall on devices
  • Encrypt sensitive files on devices
  • Enable device lockdown and kill

Infrastructure:

  • Determine what file types can be downloaded/synced by which users
  • Log device usage for compliance where appropriate
  • Enforce connection security/VPN standards