Why a device security strategy is mission critical