We skipped the whole BlackBerry/BES thing where I work. If you're using Exchange 2007/2010, there are several client management settings that can be used to restrict access unless devices are configured to meet a desired security posture like having a PIN lock set. Exchange will remote wipe lost devices, and I have personally wiped a few evaluation phones just to test the feature. Exchange is not locked into one vendor's phones like BES, so the same Exchange client settings work for iOS, Android, and webOS devices. My employer is not bound by corporate compliance laws, so we really don't use any of the available restrictions. You can browse the various phone forums to see others complaining about not being able to connect to their work Exchange servers without restriction X enabled on their phone, though.
One interesting statistic is that we have 50+ phones on the business plan and lord knows how many personal ones connecting, and have yet to wipe a single phone due to it being lost or stolen. Makes it difficult to argue that complex passwords and full device encryption must be required on all devices when I can't point to a single case where it was necessary. Outlook Web Access has been a bigger security problem than portable devices for us.....