Some of this may be inevitable. Turrentine says he doubts that enterprises can control their employees' personal devices. "Users control their own phones," he says, acknowledging that this is "a big [security] hole." The proliferation of smartphones, alone with their ever-expanding capabilities means "the attack surface is expanded," he says, noting that Apple devices are prized because of their cutting-edge functionality.
And he agrees that security is not the priority it should be at all levels -- users, enterprise leaders and the manufacturers themselves. The pressure on the makers of devices is not for better security but more functionality. "They're racing so fast to come up with more capabilities, because the mobile market is changing so rapidly," he says.
Meanwhile, Mike Geide, senior researcher at Zscaler ThreatlabZ tells Network World that employees regularly try to bypass their companies' security policies, even using anonymous proxy servers to get to unauthorized web sites.
Turrentine says even relatively savvy smartphone users seem blissfully unaware of the ways they are exposing their confidential information. He says he visited a Verizon kiosk in a shopping mall and talked to some of the workers there who were doing things like, "downloading questionable third-party apps and also doing online banking."
The good news, he and others say, is that a solution is not terribly complicated. The best thing users can do is to make sure they have the latest versions of apps and the operating system of their device. Turrentine says the latest iOS is fairly secure, noting that it took the jailbreak community 10 months to break the iPad 2.
Beyond that, Lyne tells The Bottom Line that users should have a robust password, use encryption, and be very careful about what apps they install.
"Think before you download," he says.
Sign up for CIO Asia eNewsletters.