
When Phones Run Databases

Phones have long supported small databases for tracking contacts, appointments and the like. Now Microsoft is envisioning a version of SQL Server for its mobile platform. To someone who spends so much time on database applications, this sounds like a great advance; as someone who spends so much time on database security, I'm worried about two things.

First, remember SQL Slammer, the worm that spread like wildfire and congested large segments of the Internet to the point where they were practically unusable? The worm exploited a vulnerability in SQL Server. Microsoft patched the software six months before SQL Slammer hit. The problem was that many users of Microsoft products were running a desktop version of SQL Server embedded in another application. They didn't seem to know what they had and didn't patch. We'll have to be more dependent on pushing patches from a central server. But who will push to non-business users, or to users in a small business that doesn't have the IT staff to support such an operation? I think we need to tread carefully with high-end databases on poorly managed devices.

My second concern is with data loss. Databases like SQL Server, Oracle, and DB2 are very good at synchronizing data between database servers. Without a user even knowing it, a home office database could push customer, sales, financial and other sensitive data to their phones. Companies will have to carefully craft policies about what data can be pushed to phones, what kind of encryption is used, and the need for strong authentication.

I caught this bit of news about databases on phones from PC World's article on Steve Ballmer's talk at CTIA.

Microsoft is enabling that in part by offering a consistent platform that developers can use to create applications for the PC and mobile phones. For example, a developer can write a thin client for mobile phones using HTML, Ajax and in the future Silverlight. Microsoft's .Net and Visual Studio can be used to write rich applications for mobile phones. Microsoft also offers a compact version of SQL so that developers can write applications for Windows Mobile phones for database manipulation.


Dan Sullivan's Bio:

Dan Sullivan is a systems architect with 20 years of IT experience that includes engagements in enterprise security, application design, and systems architecture. His experience includes a broad range of industries, including financial services, manufacturing, government, retail, gas and oil production, power generation, and education. Dan’s security-related project work has ranged from requirements analysis for enterprise information security to designing and implementing security for database applications and enterprise portals. Dan has written about information security and other enterprise information management topics for Business Security Advisor, DM Review, Intelligent Enterprise, and E-Business Advisor. You can contact Dan at: dan_sullivan@realtimepublishers.net