"You have to fit training into the culture of your company," Palma said. "If you're at, say, Grumman, people get it because they have been around this sort of security. If you're a soda-and-chips company, though, you need a lighter touch."

Another issue is usability, Palma said. Often, the technology needed to ensure compliance can affect its usability. Do you, for instance, demand complicated passwords for mobile devices, which have cumbersome input capabilities at best? Palma said he favors simple passwords.

"Technologists get caught up in things like cryptology," Palma said. "But I've run a large IT organization with upwards of 50,000 users. If things aren't usable, users will find a away around it, or it won't last. Your efforts won't be sustainable."

The bottom line is that managing mobility is hard enough, but managing it in a way that doesn't increase risk to data and regulatory noncompliance is harder still. However, the risks of not managing mobility well are even higher.

"Companies just can't afford to have [noncompliance] take place and maintain the confidence of a customer base, not to mention the regulators," Bergen said.