A study we've already referenced proved that a lot of sensitive data is freely available on discarded hard drives.
It's reasonable to extrapolate that there are perhaps even more serious problems with data on cell phones and other portable devices.
Now there's proof that discarded mobile devices pose a danger. Trust Digital has released a study that says smartphones and PDAs on sale at eBay are dripping with data that their former owners certainly don't want floating around. Indeed, researchers got their hands on almost 27,000 pages of data on nine out of 10 smartphones they bought.
The likelihood is that the problem is worse in regard to portable devices. If not guarding data on office-bound computers is a problem, inadequately protecting it on portable devices almost certainly is a bigger worry.
The issue is exacerbated by the replacement cycle for mobile devices. Cell phones and PDAs are replaced far more often than machines that don't leave the office. Thus, there simply are more devices per user to worry about.
IT departments and corporate policy makers have to pay attention to this issue in its own right and within the context of choosing the most appropriate type of virtual private network (VPN). The two choices are IP Security (IPSec) and Secure Socket Layer (SSL).
A key difference between them is that IPSec treats the mobile device as if it is just another station on the corporate LAN. This, potentially, provides clever hackers with access to backend databases. SSL restricts access on an application-by-application basis. This makes hacking more difficult.
There is no reason to think that VPN clients won't be on mobile devices that are lost, stolen or carelessly sold. There are ways for administrators to guard against infiltration by these now-rogue machines. In many cases, however, IT departments won't know the machines are gone -- or will be too busy to immediately activate those safeguards.