EMC security division, RSA, has released a report from the Security for Business Innovation Council (SBIC) that addresses the continued surge of consumer mobile devices in the enterprise, and offers five strategies for building effective, adaptable mobile programs.

The report, titled Realising the Mobile Enterprise: Balancing the risks and rewards of consumer devices, is derived from the experiences of 19 security leaders. Some of these include Coca-Cola, eBay, EMC, FedEx, Intel, and Nokia. It also includes insight into today's major sources of risk for the mobile enterprise, and an outlook for the future.

"With the prevalence of mobile devices and applications, organisations have huge opportunities to create business value, but the accompanying risks are equally huge," RSA executive chairman and EMC executive vice-president, Art Coviello, said. "SBIC provides strategic guidance that helps organisations not only reduce their mobile liabilities but also foster mobile programs that enable them to realise the full benefits of the mobile enterprise."

In the report, the SBIC states that establishing mobile governance is a key strategy. Organisations should engage cross-functional teams to set clear ground rules. The first step of every mobile strategy should involve defining business goals, including costs and revenue estimates, as well as risk calculation and the predicted process of achieving goals.

Secondly, organisations need to create an action plan for the short-term due to the rapidly evolving nature of mobile technology. SBIC recommends a 12 to 18-month outlook.

Building core competencies in mobile app security is also significant, and requires knowledge of how to design mobile apps in a way that protects corporate data. This strategy may involve investing in expertise. The SBIC said that it is not just about bolting on security, but requires an examination of the app's overall functionality and architecture.

The fourth point includes integrating mobility into long-term vision. This involves updating the company approach to security.

Expanding mobile situational awareness is SBIC's fifth strategy. It recommends an expansion of understanding of the mobile ecosystem, and maintaining pace with the evolution of technology.

"Similar to PCs, with mobile computing we'll see largely consumer phenomenon evolve into a comprehensive enterprise framework which allows sufficient security over data," T-Mobile USA (which is part of the SBIC) CIO and enterprise information security vice-president, William Boni, said.

"It has to evolve fast. But will it be fast enough? We're in an arms race between malicious exploitation and security protection."