"We had a client where an employee who was one of the supergurus with knowledge of the applications and networks was working late one night," Morency said. "He brought a thumb drive in and was downloading payroll files that had Social Security numbers and people's addresses with the objective to sell it to the highest bidder. The way we were able to detect what was going on was through file logs and events that were being generated."

Fortunately, regulators understand the difficulty of compliance and the added risks that mobility creates, Gibbons said.

"Compliance is sometimes science and sometimes art," he said, referring to putting the basics in place to ensure compliance. "The answer is the safe harbor. The regulators will understand that an enterprise has taken every step to do robust testing, and those companies will be given more latitude."

Tightening the mobility screws

The experts stressed that IT managers must examine all the risk factors of mobility and respond to each one.