| The number of professionals using mobile wireless devices in the workplace is growing rapidly. This qualitative case study, which was limited to handheld devices, was designed to explore the problem that adequate mobile device security had not been implemented in organizations whose employees used mobile wireless devices for business activities. The purpose of this study was to explore the security implementations for mobile wireless software applications for mobile devices in organizations across several market sectors, both domestic and international. In 2009, this qualitative case study was the first to explore these issues. Participants in this study represented 20 U.S. and international organizations in market sectors such as government, legal, finance, healthcare, education, and technology. Participants were information technology or security professionals responsible for mobile application security in their organizations. Data were collected using a Web-based questionnaire, one-on-one in-depth telephone interviews, and a focus group interview. The study had eight major findings: (a) organizations varied in the types of mobile device security methods and procedures used; (b) most participants realized that mobile device security threats existed, but did not take it as seriously as PC and laptop security; (c) most organizations did not have a team dedicated to mobile device security and no formal education was offered for those responsible for mobile device security; (d) most organizations did not have a formal written mobile device security policy; (e) organizations varied in how security methods and procedures were implemented; (f) organizations varied in how security methods were verified and procedures used; (g) mobile device security was hard to implement, enforce, and verify because of a lack of technology, both hardware and software, as well as a lack of educated users of mobile devices; and (h) a limited common road map was revealed in the study. Three recommendations were made to improve mobile device security in organizations. First, more comprehensive software applications should be created to centrally manage mobile devices. Second, better awareness of, and educational campaigns about, mobile device security for users and those supporting mobile devices are needed. Third, a practical road map focused on mobile device security should be created. |
