The mushrooming use of mobile devices such as PDAs and smart phones is creating a growing security problem, and companies have few tools to deal with it.

But next week's Gartner IT Security Summit in Washington will feature products from two vendors that are intended to help companies secure critical data on mobile devices.

One of the vendors is Credant Technologies, a Dallas-based company that's partly funded by Intel. Credant's Mobile Guardian software lets companies centrally manage security-policy administration and on-device policy enforcement, according to the company. With it, administrators will be able to track and control mobile device usage on their networks, as well as protect the data stored on such devices via encryption and tight access control.

The other vendor is Baltimore-based Bluefire Security Technologies. Its Mobile Firewall Plus technology features an on-device firewall that protects data on the system and provides a logging and alerting service that lets administrators track device usage and system compromises, company officials said.

Red Flag
Such tools are aimed at addressing growing security concerns related to the use of nonsecure mobile devices on enterprise networks, said Sally Hudson, an analyst at IDC.

As users increasingly move to sync mobile devices with their office systems, corporate information may be getting downloaded to those devices with little or no protection. "Enterprises are waking up to the fact that it is important to monitor and control this flow," Hudson said.

The 22-hospital Banner Health system in Phoenix is testing Credant's software to determine whether it can protect patient health information stored on mobile devices.

"There's a lot of data that's being put on these devices," said Dave Jahne, a senior security analyst at Banner. "Since the HIPAA regulations came out, we are looking for ways to secure that data."

The expectation is that Credant's technology will allow Banner to impose and enforce strict security policies related to the use of such devices and the data stored on them, Jahne said.

Despite the promised benefits, these products aren't faultless. The large size of the Credant agent software installed on mobile devices could be a problem for some users, according to Jahne. Meanwhile, Bluefire acknowledges that its technology can do little to detect and stop unauthorized mobile devices from logging onto networks.

Even so, user concerns will fuel increasing demand for mobile security products such as firewalls, encryption technology and tools for intrusion detection, authentication, authorization and access control, according to Hudson. IDC expects the market for these products to grow 71 percent annually, from US$84.5 million in 2002 to over $1.2 billion in 2007.

Other vendors in this small but growing market include Pointsec Mobile Technologies AB in Stockholm and F-Secure Corp. in Helsinki, Finland.