The proliferation of mobile devices is competitively important for businesses but is creating "chaos" for security professionals, IDC has warned.
At the IDC IT Security Conference in London, Eric Domage, programme manager at the analyst house, said businesses needed to follow a range of steps to protect themselves.
"In the last year, a sort of device chaos has come about, with many people bringing their own mobiles and even having two or three devices on the go," he said. "It's important competitively to allow this, but you do need to protect your business with comprehensive security."
There was a "widening gap", he said, between the budget and skills available to businesses and the complexity of threats and regulations they had to deal with.
A newly-released survey of IDC customers reveals that 40 per cent of businesses expect their security budget to be cut in spite of the heightened complex threats, and a third fear some change to their budget, without knowing what it will be.
In order to cut security costs, 70 per cent will negotiate with vendors, 55 per cent will reduce the number of suppliers they work with and a quarter will reduce their own staff numbers.
In order to tackle the complex threats, particularly from mobile devices - but also potentially from the growth of cloud computing - companies needed to focus on good policies and thorough application, using the right technology, Domage said.
For mobile security, the key areas include anti-malware, identity and access management, vulnerability management, lifecycle management, and data security, overseen by a proper security management function.
"You must have broad solutions that are agile and centrally manageable," he said. "You also need to segment clearly the boundaries of professional and personal data, when you're dealing with consumer devices, so that everyone is protected."Read more: Underprovisioned security-analytics tools, skills hinder big-data adoption, expert warns
Around 55 per cent of firms said they plan to implement a basic data protection system for mobiles, and 20 per cent will implement the more complex, but useful data loss prevention (DLP) systems. A high 33 per cent of firms say they do not have technology or policy in place for mobile security.