There are programs where you can at least audit and try to remove some functions (Beyond Trust, etc), but really it comes down to too much work. We force strong anti-virus instead and use Websense to try to capture anything coming in from the web. Their build scripts temporarily disable real-time scan to speed up the builds. Engineers don't have a clue about protecting their systems, they may be smarter than the average Joe, but that doesn't give them an advantage when dealing with system security/updates/etc. In most cases they are worse because they are lazy about updates (yet cry when you force it on them), and they seem to think that everyone in the world is a straight shooter - "oh, we don't need passwords" or "we don't need to limit access". Give me a break...

Or the other services that charge like GoodLink, etc. If you already have an Exchange server (okay it does require Exchange), wireless capability is free now and works almost as well as Blackberry. With Windows Mobile on the handheld, which is being deployed more now on phones it works great!