How to Get More $ for Security

IT compliance may not be as thrilling as the latest tablet computer or smartphone that users are bringing into your organization. However, for many organizations it’s the main driver for justifying the IT security budget used to protect the organization’s critical information – the very information users now have access to on those shiny new tablets and smartphones.

Admittedly, it’s fairly easy to secure funding for compliance. After all, you really don’t have a choice – you must comply with all the mandates, rules and regulations that are central to your industry. But being compliant is just the start of what you must do. Adequately protecting that information means going beyond the minimum – and stopping at the minimum is something many are guilty of – despite everyone in IT recognizing that being compliant doesn’t equate to being secure. The problem is that justifying additional security budget beyond the compliance checklist remains a significant challenge for most IT departments.

No Matter the Regulation, It Will Fail Without Change in InfoSec Mindset

Recently, the Homeland Security Department unveiled a new system of guidance intended to help make the software behind websites, power grids and other services less susceptible to hacking. The system includes an updated list of the top 25 programming errors that enable today’s most serious hacks. The list, topped by SQL-injection vulnerabilities, is an attempt to address the root-cause issues behind cyberattacks.

However well-intentioned, this new system will likely fall flat, just like the several attempts over the years to legislate security through compliance – at last count, at least seven bills in Congress that would attempt to do so, several of which were reintroductions of earlier bills. There have also been attempts at requiring certification and licensing of information security professionals, which have also not succeeded to date. DoD 8570 is the closest thing we have to mandatory certification.

iOS Devices: Your CEO wants one, IT wants the data on it secure

IT is constantly adapting to new realities spurred by the types of technologies that people are using and bringing into the enterprise environment. One of the most disruptive technologies of late has been iOS devices. These devices are massively popular, and for good reason. Whether you’re a vice president keeping up on the latest sales reports mid-flight on your iPad or a physician accessing medical reports while meeting with a patient, iOS devices can improve productivity.

Platforms such as iOS have been designed from the ground up to be more secure—they raise the bar by leveraging techniques such as application isolation, provenance, device encryption, and permission-based access control. However, these devices were designed for consumers and, as such, security has been traded off for usability to varying degrees. It’s this usability that makes them so popular among consumers.

Process Orchestration – The Key to Improving Security Response

(Cross-posted from Symantec Connect)

Let’s pretend for a moment that you’re on a business trip. You hear the boarding call for your flight and reach down to grab your laptop – only your laptop isn’t there. Whether it was left at security or snagged by another traveler in the terminal, your laptop is gone and your company data is at risk.

So what do you do? Typically you’ll need to make a call to the office, notifying your IT department of the incident. This call will initiate a chain reaction of events set into place to ensure measures are taken to secure the files and equip you with a new device to keep business running as usual. This process typically involves a series of forms, approvals, signatures, etc.