PDA security is mobile security. When Microsoft and Cisco finally get their VPN quarantine/NAP (network access protection)/NAC (network admission control) technology straightened out, this will be a cinch. In the meantime, you need to cover a few key issues, including asset management, perimeter security, authentication, data encryption, support, and software updates. On the upside, this is all pretty standard stuff that you simply apply to a new platform. On the downside, except for a few key players, there aren't many all-in-one PDA security and management platforms yet available.
One of the better such platforms I've found is Pointsec , which has a product version for every mobile OS, including Symbian. Another good one is SureWave Mobile Defense from JPMobile. Both concentrate more on security than asset or network management, but they're broadly featured and constantly updated. Another good platform is Bluefire, a PDA-capable wireless authentication, firewall, and roaming platform similar to NetMotion Wireless.
Failing these, Microsoft has a few security downloads for the Windows Mobile OS, but the company will direct you to the Handango software store for more in-depth purchases. Handspring has most of its stuff on its own site. You can find most anything you need at these sites, but very little of it is name-brand. There are loads of data-encryption apps for safe data storage and a few authenticators and anti-virus products. Some lowlife even stole my remote PDA-killer idea. (If you lose your PDA, you send an SMS message to it and all your data is wiped. I'll partner with anyone who wants to beat these guys to market.) Bottom line: You need to test any purchases hard before deployment.
No matter which software toolkit you choose, you still need to reign in Mr. Gadgetfreak. He needs to choose a single smartphone or PDA platform. IT needs to track it and enforce a strict policy on what he can and can't do with the device. Network authentication must be strong, preferably WPA (Wi-Fi Protected Access) -- although I don't think that exists for PDAs yet, unless you go with an external Wi-Fi card. Furthermore, the password policy must be hard-line as well. After all, this window into the corporate network is the device most likely to wind up in a stranger's hands.
If he complains too much, just get him the USB fish tank with the e-fish that die whenever he powers down the system. There are lots of moving colors, and that should keep him quiet and drooling long enough for you to get out of the building.