With all the mobile data solutions out there these days, it's easy to get caught up in the perceived security nightmare that accompanies all your users running around with all sorts of data on their phones and tablets. It's a simple argument for the companies that make solutions to manage that problem, too. All they have to say is, "What if your user lost their phone? Then the person that found it would have access to corporate documents." And while that is a problem, admittedly, it's not like the introduction of smartphones has brought upon a data security issue that we weren't already dealing with.
Data has been escaping our walls in the form of files for as far back as I, you, and your great grandparents can remember. Before smartphones, people still had data on laptops. Hell, I had corporate data in the form of Word docs, spreadsheets, and email on my OmniSky modem/Handspring Treo back in 2000 (which, for some reason, you can still buy on Amazon). Before laptops and crazy PalmOS accessories, people had their data in briefcases.
What's new about this? The proliferation of devices with corporate data on it is one thing, as is the amount of data that can be stored on these devices, but the problem isn't really new. In the past, it was just assumed that this was happening, that the content was out there, and once it's out there, who knows if it will come back. We added tighter security around certain information so that it couldn't leave the building (in physical or electronic form), but most of the data was out there and vulnerable.
So why are we trying to cure it all now with mobile data security? Why, all of a sudden, does the perfect solution have to keep all data (in terms of files) secure between the phone and the datacenter? I mean, it's a nice goal, but what's different today than ten, twenty, or forty years ago? Long ago we established a minimum acceptable risk by assuming data could leave the company at any time, and anything critical that we wanted to keep secure was put under lock and key. When did everything become critical?
Also, this is just about keeping honest people honest. In the end, if someone wants to get a piece of data outside the confines of the organization, they'll find a way. You could put all these mobile data protection solutions in place and the users can just send the data out via email to their gmail, take it home on a thumb drive, post it on a site, or use YouSendIt almost as easily as you can simply make a copy.
Now, I'm not saying "down with mobile data management!" but I am saying that we need to put it in perspective. If you can secure the data that lives on the device without making it too difficult to use, great, but searching for the white whale of a perfect solution before letting your users access data from their phone might not be the best idea. After all, if they have a laptop, you've already let them take their data with them anywhere they go. If you let them use thumb drives or dropbox in the office, the data is already out there. Focusing on mobile devices is like building a gate over only part of the road.
Again, I'm all for a good mobile data management solution. It's just that I think our goal with one should be to return to the baseline we established many years ago of maintaining an acceptable amount of risk and keeping honest people honest. You simply can't protect all of the data, especially the user-created data. If you want to protect the data on a device, great, but that only closes off one way of getting the data "out there" anyway.