Governance the key if you don't want mobile workers escaping your control

Well connected

Company-owned mobile devices need to be strongly linked to the corporate infrastructure, because you need to be able to control them completely. This was the huge strength of BlackBerry until not so long ago: the handset hooked into the Enterprise Server which ruled its security and configuration.

Nowadays the options for secure handset connectivity are many, so you can achieve the same goal with Apple, Android and Windows phones.

Rule number one: don't feel you have to pander to the users. Enforce a complex unlock password on the device, and make sure it auto-locks after no more than three minutes of inactivity.

Set it to auto-wipe corporate data (such as email) if it loses track with the enterprise server for more than a few days – after all, you can always resync the inbox later if it has been blown away.

Restrict users' ability to install applications to only those that are relevant: this could mean you allow just corporate apps but I do tend also to define a whitelist of permitted third-party programs such as the British Airways and EasyJet flight apps, and BBC or Sky News (current affairs are often relevant to your business).

If you want to provide business functionality on users' own devices, use a sandbox application that enforces all of the above on a private corner of the phone.

So instead of allowing ActiveSync to be the on-board email program, you have an email program that is part of a mobile device management suite.

It doesn't let the user touch anything therein unless it is in contact with the corporate server and has confirmation that the user is legitimate, hasn't been fired, and so on.

If you have home-grown corporate applications or other proprietary apps that can run natively on the devices (increasingly the case as development tools improve for mobile devices) then there are also packages that let you deploy from a corporate equivalent of the Apple or Google app store and then wipe the apps remotely if the user leaves the company.

Many people don't realise, for instance, that mobile device operating systems incorporate enterprise integration code that allows such tight control but simply sits there doing nothing if it is not connected to an enterprise system.