BYOD's biggest detractor, for those who are serious about it, is the security assurance for the company and customer data. How can you protect that data from devices you are not 100% in control of it's sterility, antivirus, malware cleaning, and have no idea or control on what is installed on it? One way is to remove the network connectivity directly to that data and embrace 'The Cloud'.
As much as I despise the term 'The Cloud' (glorified SaaS) the consumable service is one of the ways that you can use to protect what you hold so dear. Take Salesforce.com as an example. Salesforce is the undisputed king of SaaS/Cloud services. A disconnected, yet accessible service from pretty much anywhere, that houses the lifeblood of many company's profits. Sales data. As a user of Salesforce, they don't care what you connect to their service with. It really is a BYOD model. The data at the core is protected from malicious attack, corruption from an infected client, and you can feel more secure that your data is protected. In a BYOD model it's perfect. So look at taking other business critical applications and their data away from direct connections and Cloudify it. The cost to try to adjust your in-house infrastructure and applications to accept untrusted BYOD connections will end the BYOD initiative before it begins.
Currently I am working on moving core, business and IT applications into the Cloud, both public and private clouds. Internal networks are still restricted to company controlled devices but outside of that there are things in place and expansions to increase the connectivity flexibility. For example all the servers are VMWare in a large farm. I have my own VDI instance that I can connect to from any current PC or Mac. So when I want to work at home or on the move I don't need my work PC, I actually fire up VMWare on my Mac and connect to my VDI to work. Moving Identity Management capabilities into the Cloud not only takes our reliance on 100% uptime on the internal infrastructures but also solves secure, protected Internet accessibility for password resets, access requests, and reporting by 3rd parties or Federated partners. My concern on what they are connecting with is relegated to protocol compatibility rather than device cleanliness.
BYOD already is a problem you are dealing with if you do any type of Federation only you are not worrying about the device but the connection method. Cloud services actually helps you in BYOD by taking the worry away about the device itself. Unless you are considering Cloud services along side a BYOD proposal, you should, otherwise your BYOD costs to retro-fit your applications and infrastructures to meet the increases security risks will outweigh in-house maintained computers.
End of Line.