The rate at which mobile devices are proliferating is staggering. According to a recent white paper by Harbor Research, there are approximately 2.8 billion mobile phones in use today, with 1.6 million new ones added every day. And that's just phones. Analysts tell us within 15 years, the Internet will need to accommodate over one trillion (with a T) non-PC devices.

Whether you call this phenomenon "the network of devices" or "the Internet of things," the underlying message is the same. Connectivity now encompasses everything from TVs and cell phones to cars, medical devices, networking equipment, environmental controls, industrial sensors, aircraft and everything in between. Everything connected...ahh, how nice. Well, maybe not.

Swift consumer adoption is driving mobile market growth, but it is also increasing complexity and security risks. Managing the personal and enterprise interface with the Internet is becoming tremendously more complex due to the number and diversity of devices connecting to it, and the new types of content we're sending across the Web. These days, non-PC devices connected to the network are exposed, from day one, to advanced polymorphic malware and viruses that can infiltrate a device without the user ever knowing it.

Everyone agrees that security is a big concern, but who's accountable after a security breach? Is it the consumer who inadvertently downloaded a virus? Is it the device manufacturer who didn’t bother to build device security into the product from the start? Or, is it the fault of the service provider or carrier whose network the data moved across?

Unfortunately, when it comes to security, the "connected devices" industry has not outlined a best practices approach. That's probably because of all the devices that connect to the Internet, only workstations and cell phones are really represented, as classes, by manufacturing consortia. That means security design decisions are typically made on an ad-hoc basis and different approaches are used for different products. Sadly, security is often added into devices only after a high-profile breach gets splashed across the Internet.

I'd posit that device manufacturers have perhaps the most responsibility -- and the most control -- over the security of their devices. They also have the most to lose if they get it wrong. Customers experiencing problems call the company whose logo is on the device, regardless of who wrote the software running on it. So when devices suffer security problems, support calls increase, devices get shipped back for troubleshooting, and device manufacturers get stuck with the blame.