Protecting the enterprise from mobile devices
Written by John P Mello Jr on February 1, 2010
As often happens with electronics trends, the proliferation of a consumer device soon results in that gadget knocking on the door to the enterprise. That’s the case with smartphones. The trend started with the Blackberry, was supercharged by the iPhone and will continue to grow with phones running Google’s Android operating system.
What’s worrisome about these devices is that they run applications… far more applications than any IT department could vet for security purposes. JupiterResearch, purchased by Forrester Research in 2008, estimates that by 2014, 20 billion apps will be downloaded annually to smartphones.
That is a nightmare in the making for network administrators, who see legions of unknown programs touching their enterprises. Such apps already exist for the iPhone to directly access enterprise programs like SAP and Oracle. And with more apps on the way, the potential for them to spread malware or facilitate unauthorized access to precious data is a sobering thought for gatekeepers.
One way to get a handle on mobile devices invading an enterprise is to impose tough policies on employee use of their mobiles when performing office tasks. Monitoring policy compliance manually, though, can be an overwhelming task for overtaxed IT departments. There are automated systems for ensuring compliance, but they can be expensive to implement.
There are also some drawbacks to keeping a tight rein on smartphone use. By limiting an employee’s choices about how he or she works, a policy could adversely impact the worker’s productivity. Then there’s the problem of exceptions to the rule. If someone higher up on the corporate food chain than the IT gatekeeper wants to use a particular application, risky or not, an exception will likely be made.
Another approach to controlling smartphone proliferation is to substitute company smartphones for personal ones. That, too, can be a costly solution, as well as a time consuming one. Nevertheless, it ensures IT has control over what can and cannot be done with the phones. The technique is similar to what’s done on the network, where unnecessary or risky services are turned off, disabled or uninstalled on the computers. Company-owned phones can also be changed centrally, so that they stay up to date when policies change or applications are upgraded.
Many companies are finding that they’re unable to dam the smartphone wave, that their employees are using the devices without regard to IT policy. Some smart ones, though, are surfing the wave. Along with issuing their own smartphones to workers, they’re supporting personal phones as well. To bolster security, they’re requiring smartphone users to reach email, calendars and contacts only through clients that are tied to their Microsoft Exchange servers. That way the phones are used in an environment with enterprise grade security, the server can push its passcode and lock requirements to the device, and corporate resources can’t be touched without proper authentication.
Administrators looking for policy guidelines on smartphones can find some at the Center for Internet Security. Although its mobile benchmark is written for the iPhone, most of its recommendations apply to any of the current crop of smartphones on the market. Here are some of the center’s recommendations.
- Keep the phone’s firmware updated.
- Turn off all receivers and transceivers (airplane mode) when the phone isn’t in use.
- Turn off WiFi when it is not needed.
- Activate the option to forget WiFi networks when finished using them.
- Turn off the option to ask to join WiFi networks.
- Turn off the auto-join WiFi networks feature.
- Turn off VPN software when not using it.
- Turn off Bluetooth when not in use.
- Turn off location services.
- Require a passcode to use the phone.
- Require alphanumeric values for passcodes.
- Require a minimum passcode length of five characters.
- Set the phone to auto-lock after one minute of inactivity.
- Turn off SMS preview so text messages aren’t automatically displayed on the phone’s screen.
- Automatically erase all data on the phone after 10 failed attempts to enter the passcode.
- When resetting a phone, choose Erase All Content and Settings rather than a settings-only reset, so data is actually wiped from the phone and cannot be recovered.
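The passcode, lock and wipe items in the list above are the ones an Exchange server can enforce on every phone that syncs mail, which is how the companies described earlier support personal phones without losing control of them. The following is an added example, not code from the article or from the Center for Internet Security: an Exchange 2010 ActiveSync mailbox policy built in the Exchange Management Shell with the standard `New-ActiveSyncMailboxPolicy`, `Set-CASMailbox` and `Get-ActiveSyncDeviceStatistics` cmdlets. The policy name and the mailbox identity are assumptions for illustration. It goes one step beyond the list by requiring device encryption, which the CIS items do not mention.

```powershell
# Added example, not from the original article. Run in the Exchange 2010
# Management Shell as an organization administrator.
# "CIS-Smartphone-Baseline" and "jdoe" are placeholder names (assumptions).

# Hashtable + splatting so each setting can carry its own comment.
$policy = @{
    Name                                = "CIS-Smartphone-Baseline"
    DevicePasswordEnabled               = $true        # require a passcode to use the phone
    AlphanumericDevicePasswordRequired  = $true        # letters and digits, not a PIN-only code
    AllowSimpleDevicePassword           = $false       # reject 1111, 1234 and similar patterns
    MinDevicePasswordLength             = 5            # CIS minimum of five characters
    MaxInactivityTimeDeviceLock         = "00:01:00"   # auto-lock after one minute idle
    MaxDevicePasswordFailedAttempts     = 10           # local wipe after ten failed passcodes
    RequireDeviceEncryption             = $true        # beyond the CIS list: encrypt data at rest
    AllowNonProvisionableDevices        = $false       # phones that cannot apply the policy get no mail
}
New-ActiveSyncMailboxPolicy @policy

# Assign the policy to a mailbox (repeat, or pipe Get-CASMailbox, for the rest).
Set-CASMailbox -Identity "jdoe" -ActiveSyncMailboxPolicy "CIS-Smartphone-Baseline"

# Check that the user's phones have actually picked the policy up.
# A stale LastPolicyUpdateTime or a non-OK Status means the device is out of compliance.
Get-ActiveSyncDeviceStatistics -Mailbox "jdoe" |
    Select-Object DeviceType, DeviceOS, LastSuccessSync, LastPolicyUpdateTime, Status

# Lost or stolen phone: remote wipe, using the device identity from the listing above.
# Clear-ActiveSyncDevice -Identity "<device identity from Get-ActiveSyncDeviceStatistics>"
```

Two things to watch. `AllowNonProvisionableDevices` is the setting that makes the rest mean anything: left at its default of `$true`, a phone or client that does not implement ActiveSync policies simply ignores them and still syncs. And an Exchange policy only reaches what ActiveSync exposes; the radio, location services, WiFi auto-join and SMS preview items in the list still have to be set on the phone itself or pushed through a device configuration profile, so a compliance check should cover those separately.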