It's not just a matter of a mobile device being stolen; what if it gets dropped, soaked, burned, or suffers any number of mishaps that can possibly befall it in the field.   Protection generally comes in two forms. The devices themselves can be ruggedised to offer a robust defence against the rough and tumble of fieldwork, and/or the data held on these devices can be made more secure by using the latest technologies to bar unauthorised access.

On the ruggedised front, huge advances have been made in recent years. As Alex Price, senior business development manager for mobile computing devices EMEA with manufacturer Symbol, explains: 'In the beginning, I'd say we really didn't know all that much about how to protect devices. We just made thicker plastics and added rubber mouldings. But we've come a long way since then in how we physically engineer for durability.'

The internal electronics of Symbol's products are now housed within sophisticated 'magnesium sub-frames', and the components are designed and positioned to afford maximum solidity. Furthermore, on its more durable devices all screws and glue have been removed from the manufacturing process. The entire electronic stack is effectively 'floating', and is simply secured within its plastic housing with a rubber gasket, which absorbs the shock in the event that it's dropped.

This is all a far cry from what happened a few years back. According to Sandy McCaskie, UK general manager with rugged computer maker Itronix, the biggest mistake people made in the past was trying to protect their precious data by slipping their relatively unsophisticated devices into carry cases. When you drop something there's a certain amount of energy transferred. Drop a unit on to a surface, and that energy occupies the outer casing or screen. 'If you put that unit into a bag or case, the energy is the same, but you've effectively transmitted that energy to the inside of the unit. Instead of impact shock, you're getting vibration shock, which is the worst kind,' he says.

McCaskie believes customers are all a bit hung up on good looks when it comes to protecting their devices. 'There's the outside physical damage that occurs to a device - which tends to be a matter of aesthetics. It's probably not that important. Crack the case or damage the screen and you might not be able to use the machine, but your data's still safe. This is more cosmetic damage, but it's this that most people think about when looking at ruggedised devices. They forget that this isn't the important bit.'

What's more important is a unit's IP (ingress protection) rating. An IP number is used to grade the protection of enclosures around electronic equipment, and is determined by specific tests. The number is composed of two digits, the first referring to the protection against solid objects and the second against liquids. The higher the number the better the protection. An IP66 rating would mean a device is 'dust-tight' and you could literally hold it under water for an extended period of time. Thankfully, the majority of mobile workers will not need this level of protection as, needless to say, it comes at a cost.

Steve Alderson, managing director with mobile data network operator Cognito, is adamant that the majority of his clients are happy to go the non-rugged route. 'We used to manufacture our own rugged hardware, but when moving systems over to standard networks and hardware about two to three years ago, we were doubtful about what the market would say about non-rugged hardware. In fact, the market has shown us it's quite happy. We've got about 10,500 subscribers running around the country on our network, and probably less than 100 are using ruggedised hardware. You obviously can't drop these devices in a bucket of water, but as long as you use the units properly, they work very effectively.' Alderson name-checks one device in particular: 'There was a device called the Siemens SX45, a plastic-cased thing that, when we looked at it, we thought that's just not going to stand up to much. In fact, we've still got about 4,000 of them out in the field and they've been there for two years.'

So is it in the interests of companies to go for the cheaper, non-ruggedised devices and simply budget for frequent failures, replacing machines as and when they get lost or damaged? Chris Harrington, managing director of Rugged Systems, admits it happens, but advises against it: 'I haven't come across it very often, but companies have done that. But it's sometimes a pain in the neck trying to replace them. People often go down that route and come back to the rugged devices.' Symbol's Price agrees: 'We have customers that have come back to us, saying that they needed extra people to manage the non-ruggedised devices, as well as having to maintain one spare unit for every device out in the field, and they were losing productivity every time they broke. The upfront cost of acquiring the cheaper hardware might have been lower, but they were finding their total cost of ownership was rocketing.'

Added to the worry of general wear and tear taking its toll on mobile devices is the risk of theft out in the field. Simple theft is obviously important, but McCaskie suggests that the whole issue of 'aggravated theft' often gets overlooked, putting workers' data seriously at risk. With mobile workers often operating in potentially unsafe public areas, a nice shiny silver PDA is probably not what's called for. It's just begging to be pinched. 'We deliberately make our computers and handhelds to look like part of a toolkit,' says McCaskie. On the other hand, there's the risk of internal theft, where an employee thinks he could sell his sleek-looking handheld down the pub or to a mate. In this instance, some companies opt for their devices to be fluorescent yellow or some such garish, unattractive colour, or even burn a company logo on to it - anything to make it less attractive.

But what if the device is stolen? As the second line of defence, what can be done to the unit's software to shore up the data contained in it? Like many suppliers of mobile data applications, Cognito deals in the transactional, thick client area, where data effectively resides on the devices. Clients can choose to store data on a removable memory card, but the majority opts for simply using the unit's internal memory. Alderson explains the Cognito approach to securing this data: 'We basically seal the user interface of the device.' By and large, their clients are using Microsoft software platforms on the likes of Pocket PCs, but users are barred access to the basic Microsoft tools. 'We effectively put a complete skin of software on to the device, so from the moment it's powered up you're faced with a Cognito interface. What that means primarily is that we can control the way we give access to any of the data contained therein.' The Cognito interface can be bypassed by cold-booting the device, but this effectively wipes the system of all its memory.

Alderson admits that another potential weakness is where somebody steals the unit, sticks it in a cradle and tries to ActiveSync with it. ActiveSync is therefore disabled on all its devices. Two other mechanisms also close off the devices. One is a simple password-lock facility, initiated by the user or a central manager. Each time the device is used - even if the screen times out - the password has to be entered. Get it wrong three times and the unit locks itself. Importantly, the communications ability is not disabled. Secondly, Cognito itself has a central-locking ability. Stolen devices will register on GPRS within a minute of being switched on and can be locked down remotely.

Mobile communications specialist Dexterra has a similar ability, explained in slightly more hyperbolic language by its marketing manager, Jason Nadel: 'Once a central IT department has been notified of a lost or stolen device, the next time the device tries to hit the server for information, a kill pill will be automatically sent to the device which will blow all the software away. There'll be absolutely nothing left whatsoever.'

But what about avoiding storing data locally on devices altogether and opting for a low-cost, centrally-managed thin client solution? You effectively bypass all the security issues of having a local cache of information on the client devices. 'You can then provide appropriate authentication from whatever device the user chooses to get access from, and appropriate encryption of the datastream between the client's device and the server's working environment,' says Paul Burke, senior product manager at thin client specialist Citrix.

By way of reinforcing how secure its system is, Burke refers to a few key clients: 'We've worked with a few police forces and they obviously have fairly hefty government restrictions placed on them as to how they can use the data that goes into the Police National Computer. They really didn't want it being held locally on devices out in the field; the data could be out of date or it could get acquired by the kind of people that the police interact with - not a good thing - and they wanted to maintain central control of that data. There were very few ways they found of doing this, but a number of police forces do use the Citrix infrastructure to provide access to PMT data over an authenticated, secure connection.'

Thin-client solutions may appear to offer a way around locally stored data, but many in the industry point to its limited applications. Alderson for one: 'The simple thing about thin client devices is that you need radio for it to work, otherwise you can't do anything; and it's a pull only system - the mobile device has to initiate it. In our high-control, real-time environment, the centre wants as much control as possible. It'll have a place, but not in any of the hardware workflow areas like couriers or field engineers.'

Symbol's Price agrees: 'Thin-client applications aren't really workable for the kinds of environments we're talking about. In a four-wall application in a retail environment, they're fine. But we'd never recommend it out in the field. At the very least, customers need an application they can use in an offline mode.'

So it seems there's much that a service company can do to secure its mobile data. But it's important to consider just how much information really needs to be out in the field in the first place. Dexterra's Nadel firmly believes in damage limitation: 'Companies should start by thinking about what is really needed out there. In effectively throwing your desktop out into the field, your workers might only need 40% of its data. That in itself will eliminate X amount of information being potentially exposed.'

And, finally, it's important to keep a sense of perspective. As Colin Holloway, marketing manager at PalmOne, advises: 'Somebody might be carrying their company data around on a PDA and getting really hung up about the fact that the data's not protected. But the alternative is that they're probably carrying around a briefcase full of confidential papers anyway. If it's on a device, at least it's password-protected.'