You like to be in control. What executive doesn’t? But mobile and wireless devices, for all their potential and allure, introduce an element of lawlessness to your carefully crafted systems. They take data outside the walls of the enterprise, and the moat you’ve dug around your digital castle—the hardwired firewalls and virus protection that guard your desktops—means less than nothing to them.

And there’s no controlling the demand for these handy new gadgets. Everyone wants a Wi-Fi-enabled laptop or handheld so they can e-mail their colleagues while sitting in the airport lounge or access critical sales applications on their network while meeting with customers. And now everyone wants a smart phone, a converged device that combines cell phone and handheld functions. At worst, these gadgets are status symbols. At best, they increase your workforce’s agility and improve productivity. And since all these geegaws have become relatively cheap, how can you say no?

But the problem, says Richard LeVine, global lead for mobile security at Accenture, is that CIOs can only “try to align [their policies] with the users or butt heads with them.

“And if you butt heads, the users are just going to go around you.”

What CIOs need desperately is a strategy for managing mobile and wireless devices. Elements of a good strategy include: first identifying if there’s a business need for a device; segmenting your employees by job function; deciding on a list of devices that IT will (and will not) support; and last, devising a training plan for users and help desk staffers as well as enforcement mechanisms that will ensure device security.

If you try to fly without such a plan, you’re sure to end up sitting amidst the charred ruins of a security and privacy disaster. Cautionary examples are multiplying daily. The recent incidence of laptop loss and theft—including the MCI financial analyst’s laptop that went missing in April 2005 containing 16,500 names and Social Security numbers of current and former MCI employees—underscores the importance of securing devices with much more than a password. And then there’s one of the more infamous accounts of BlackBerry boneheadedness: the Morgan Stanley exec who sold his dead BlackBerry on eBay for $15.50 after he left the company. Turns out the batteries had just run out, and the new owner found hundreds of confidential Morgan Stanley e-mails still on the handheld.

“If you allow people to bring in devices off the street, you are going to have a loss of control,” says John Killeen, director of global network systems at UPS, which supports nearly 200,000 wireless devices worldwide. “You need policy, standards and enforcement.”