RICHMOND HILLS, Ontario – According to a recent study conducted by the Business Performance Management Forum, companies that use mobile devices face exposure to regulatory compliance violations and security risks.

The study, called Comply on the Fly: Keeping Pace with the Management Challenges of Mobile Data Management, was sponsored by Nokia and Sybase. It revealed that the major reason corporations are at risk is a lack of formal policies to protect information on mobile devices such as laptops, PDAs and portable PCs.

“We wanted to probe what is the existing current state of awareness and formal adoption of guidelines and governance framework around mobile devices especially given the fact there has been a great proliferation of mobile devices and IDC estimates that by 2009 there will be over 850 million mobile workers globally,” said Adriano Gonzalez, vice president of strategy and programming with BPM Forum.

Over 680 senior IT and C-level executives from a wide range of industries were interviewed for the study. Forty per cent of respondents admitted that they had no measures at all to manage mobile data tracking, backup and archiving for regulatory compliance purposes. Among those 40 per cent, 35 per cent are working towards measures while 65 per cent said they don’t have anything in place.

“When asked how come [they are] not paying attention [to compliance and security on mobile devices], the top two responses were other compliance related priorities within the enterprise and not enough budget being allocated,” said Gonzalez.

Also, Gonzalez said that when the survey asked what would get companies to address compliance and security on mobile devices, 38 per cent of them cited suffering an actual security breach.

“So, not only are organizations not reacting to it, many of them are sitting idle and waiting for disaster to happen for them to become reactive,” he added. Half of the respondents said that about a quarter of mobile devices used within their business carry mission-critical and sensitive information.

In addition, the study found that there is a disconnect between IT and C-level executives on the importance of mobile device compliance and security.

“There is not a clear sense of accountability. Those that are not IT folks point the finger at IT [saying that they] should handle and is expected to handle this issue. Meanwhile, IT is saying that this is a bigger issue,” said Gonzalez.

He added that in order to close this disconnect, organizations need to take a multidisciplinary approach in which every part of the organization, from IT and compliance to finance and operations, works together to understand how mobile devices are being used, who is using them, why they are being used and what the associated risks are.

Once that has been established, the BPM executive said that organizations can then work towards establishing a corporate-wide governance framework that defines and enforces standards, guidelines, processes and policies around mobile devices, such as how to manage these devices if they get lost or stolen and how to back up and archive data within mobile devices.

If a corporate-wide governance framework is not devised, Gonzalez said that the impact of a potential security breach can cause damage to a company’s brand reputation.

“At the same time, we are going to see a growth in mobile workers [where] organizations are becoming more aware, more savvy and doing what needs to be done. I think [organizations are] becoming wiser with time and will address this issue more effectively as we move on,” he said.

This column was written by Vanessa Ho of ConnectIT