As organizations seek to impose greater order on the mobile activities that affect their operations, challenging but important questions come into play. Thinking through the questions and determining the right procedures and technologies to address them can help organizations shape plans to become more secure, more vigilant, and more resilient in the face of cyber threats.
Know the problems you are seeking to solve. Problems on the mobile front can take many forms. For example, are you trying to address workers' concerns as you push them to use corporate apps on devices besides their company-issued phones? Or are you attempting to understand threats to your organization while taking a "bring your own device" (BYOD) approach that lets workers decide which of their own mobile tools they use to do their jobs? Knowing and defining the problem gives you a starting point toward a resolution.
Have a plan for securing the development of mobile apps. Creating corporate apps to help workers perform their jobs is a smart step, but the process for developing, testing, and deploying those apps should ensure that you're not introducing new vulnerabilities.
Determine which personal mobile devices workers can use to do their jobs, and which corporate devices they can use to access specific information resources. Not all devices are created equal. For certain operations, some devices—whether employees' or corporate-owned devices—simply might not be a good fit for your mobile security plan.
Decide what kind of apps workers can use. Installing certain apps on specific devices could present vulnerabilities when it comes to privacy or data leakage. Some apps simply might not fit well with your organization's security plan.
Understand the ramifications when a "stranger" (whether a thief or an employee's family acquaintance) takes, loses, or compromises a mobile device, and decide how you will react. Some solutions offer remote wiping of data as a remedy for the loss or theft of a device. But are you prepared to remotely wipe a device with an employee's personal photos on it? Do employees know when remote wiping can occur? Thinking through questions like these will help your organization respond prudently on the security front, while also allowing you to better manage worker expectations.
Decide on the access or app-downloading restrictions you will impose as part of a plan to prevent malware. Unbridled mobile access to apps and corporate information poses obvious security risks, so your organization should have a clear plan that covers what is specifically restricted and how you will enforce those restrictions.
Know how you will interact with contractors, partners, and friends on the mobile front. Suppliers and vendors are using mobile, too, as they do business with your organization. Understand how they are accessing your information and systems, and consider how guests visiting your offices may access your systems. What devices can they bring? What resources can they access? Planning for a multitude of scenarios that involve partners and mobile tools can help you get ahead of mobile security problems before they arise.
Comprehensively address security challenges that may arise as you support more than one mobile platform for your workforce. Many organizations address security issues for iOS, Android, and BlackBerry on an ad hoc basis as new offerings crop up in the hands of their workers. A more focused and comprehensive approach to security can help address platform-associated challenges ahead of time.