CIOs also need to make sure that the help desk is well-versed in these new devices before they're rolled out to a single user. "That's where the disconnect happens," says Reality Mobile's Rensin. Far too often, the help desk gets thrown the BlackBerry or Treo training manual after the fact, and then they have to learn it while dealing with cranky users. Time and money lost in that process may be hard to quantify but "there's never any way to recover it", Rensin adds.

Enforcement of a device security policy is one of the biggest pieces of any overall mobile device strategy, especially in light of regulations such as Sarbanes-Oxley. If CIOs are going to "allow these devices, then they need to make sure their policies are enforced", says Maiwald.

One way to enforce a security policy is to track rogue devices, especially if you've decided not to allow any unapproved devices on the network. Tracking requires security software that can, for example, scan for unauthorized device-to-desktop synchronization, or unauthorized devices accessing your network through your wireless LAN.

If such a policy is in place but is not enforced, the risk to the organization may be greater than if the organization were to simply ignore the problem. That's because the existence of the policy may give the enterprise (and the CIO) a false sense of security, Maiwald writes in the Burton Group report. And if any employee leaves the company, CIOs have to make sure that his device has been wiped clean of all company information (see "When the Bits Bite the Dust", CIO Dec/Jan for more on wiping hard drives clean).

In the end, any mobile device "is only as secure as the human operating it", Ovum's Entner says. "No amount of software can change that."

SIDEBAR: Your Mobile and Wireless Decice Primer

LAPTOPS

Prime players: Apple, Dell, HP, IBM/Lenovo, Panasonic, Sony

Uses: Has everything that the road warrior, telecommuter or travelling VP needs.

Best used by: Knowledge workers who need mobility and flexibility.

Strengths: Portable. Virtually all notebooks come with wireless connectivity these days.

Weaknesses: Though new models are lighter, they still can be a pain to lug around. And don't forget about battery life issues.

Wireless handhelds for accessing e-mail and applications

Prime players: Fujitsu, HP, Motorola, Nokia, Palm, RIM, Sony-Ericsson

Uses: Checking e-mail from outside the office and some personal information management capabilities.

Best used by: White collars who need access to e-mail as well as blue collars who need wireless application capabilities.

Strengths: Keeping your e-mail inbox under control while you're away from the desk or laptop; accessing the network from the field.

Weaknesses: Easy to lose. Meatier enterprise applications take their toll on battery life. Costs rise as security features are added.

Moblie phones

Prime players: Motorola, Nokia, Samsung, Sony-Ericsson and many others (manufacturers); Telstra, Optus, AAPT (carriers)

Uses: Global communication is just a phone call away.

Best used by: Everyone.

Strengths: Compact and cheap. New models have lots of features (such as multimedia) and can connect from almost anywhere in the world.

Weaknesses: All-in-one devices can be confusing for users. And those cameras are a security hazard.

Converged mobile devices and smart phones

Prime players: Fujitsu, Motorola, Nokia, Palm, RIM, Sony Ericsson

Uses: Access to e-mail, calendar, applications, telephony, personal information management and more.

Best used by: Knowledge workers, field techs and execs who want enterprise access without the laptop.

Strengths: Can do almost everything reasonably well and can be taken most anywhere in the world.

Weaknesses: When you cram all that into one (tiny) device, issues such as typing on the (tiny) keys can be annoying. And the more features you add, the greater the security issues become.

SOURCES: Burton Group, Canalys, CTIA, Current Analysis, Forrester Research, Gartner, IDC and CIO reporting