Frank Kenney knows well the potential harm lax smartphonesecurity can pose to credit unions and any other enterprise thatallows employees to access their networks with those phones.

The vice president of global strategy at Ipswitch Inc. had lefthis iPhone in a security bin at Boston Logan International Airport,a discovery he made when the onboard instruction came to turn offall electronic devices.

“I couldn't very well get off the plane to retrieve the phone,so when we got to 10,000 feet I used the iPhone find application onanother device and remotely wiped that phone,” said Kenney, aformer lead analyst for file transfer technology at Gartner.

“I knew I could get the phone when I got back home to Boston.That wasn't my concern. It's what was on that phone, very sensitivemerger and acquisition information, pricing details, informationfar more valuable than the phone itself,” Kenney said.

Kenney was prepared but he said he wonders how many others wouldhave been. Indeed, a recent international survey by London-basedOvum showed that smartphone use among corporate employees isgrowing fast, both through company-supplied devices and employeesusing their own to access corporate networks.

The survey found that 48% of employees at firms it contacted areallowed to use their own mobile devices that way, and that 70% ofemployees who have company-owned computing devices are allowed touse them for personal purposes.

Not just high-level executives have potentially damaging data ontheir smartphones. “You may have a credit card number becauseyou're a sales person. You may have test results if you're amedical professional. It's going to be different in differentindustries,” Kenney said. “Whoever it is, they need to understandthey have the responsibility for the security of their data andwill be held accountable for what happens to it.”

“Companies need to recognize that more and more of theiremployees do have these devices and that they need to supply themwith enterprise tools that allow them to remotely wipe and lockphones, and they need to enforce policies that require you to noteven be able to get e-mail on those phones unless the securityfeatures have been implemented,” Kenney said.

More ways of doing that are emerging, said Jeff Nigriny,president of CertiPath, a Herndon, Va., provider of credentialcertifications that allow organizations, including privatecompanies and government agencies, to securely exchange data.

He suggested developers look at one of the most secure if one ofthe most simple, in computing terms. “Consider the smart card,”Nigriny said. “It has one of the slowest processors around but it'sone of the most functional security devices we have in the markettoday.”

Similar security could be built into far-more powerfulsmartphones, and they also can be used to read fingerprints andeven the iris of the owner's eye, Nigriny said, adding that theDepartment of Defense is now leading the way in that regard in itswork to secure smartphones in the Pentagon. Nigriny sees thetechnology already being used to secure everything from enteringbuildings to securing mobile payments.

Cost will be a factor, though. “It's been a big Achilles heelfor us. There's a very high one-time cost relative to any onetransaction, but if I can start aggregating partners' networks andbuildings, or mobile banking transactions, now this is veryattractive because my cost per transaction has gone to pennies,” hesaid.

While iPads and other tablets also will be a factor, “I thinkthis is all going to converge on the smartphone and it'll happen inthe next five years,” Nigriny said.

Tracking what employees are doing with phones is anotherconsideration. TriGeo Network Security Inc. of Post Falls, Idaho, anetwork security provider to credit unions and other businesses,specializes in doing that on networks but finds extending tosmartphones a challenge.

“We have a relatively small agent for tracking what someone doesonce they get into a network but it just isn't present today at thephone level,” said Michael Maloof, TriGeo's chief technologyofficer.

“I believe the industry is moving in that direction, and we'llsee a third-party application built right into the phone that canlimit what apps can be installed as well as encrypt data or limitaccess to it,” Maloof said.

“BlackBerry's leading the charge on that right now, and I thinkit will be a product differentiator going forward,” he said. “Wereally do need a way to control how sensitive information is storedand encrypted and accessed.”

Whoever goes first, others will follow, because people simplyare going to use their mobile devices for work and personalreasons, according to the people behind the Ovum report.

“Employees will want to use their devices, no matter who ownsthem, for both their work and personal lives,” said GrahamTitterington, principal analyst at Ovum in London. “Organizationsmust establish a holistic security strategy that addresses theconsumerization of this fast-growing channel into corporatenetworks and data.”

Maloof at TriGeo added, “Everyone has this on the tip of theirtongues right now. There's a fear factor about it. That's becausethe reality is that there are thousands of phones lost every month,probably in New York City cabs alone.”