Organizations today understand the need to mitigate risks for corporate systems and information through access via mobile devices. However, the point solutions for MDM (Mobile Device Management) etc. don’t really solve this problem – especially when understanding the bigger picture of Information Security in these days of the Computing Troika, where Cloud Computing, Social Computing, and Mobile Computing are game changers for Information Security. It is about understanding that the way we do authentication and authorization has to change. It is about taking the context into account. How big is the risk, depending on the type of user, the device used, his location, the type of authentication, and all the other contextual information? Is this risk too big to grant access or not? Starting with context not only mitigates mobile security risks, it overall helps mitigating Information Security risks in an increasingly complex world. Thus, risk- and context-based authentication and authorization plus the support for versatility in the open ecosystem of an extended enterprise are key to – not only – mobile security. This session will explain how to move from tactical point solutions towards a strategic approach.