Even if you do this, you're still left with the parent's predicament - putting devices in a DMZ or seperate VLAN doesn't make them any more secure, or any easier to manage. What if these users want to use the company's apps? How will you make sure they're using secure passwords? How can you distribute software to these devices? Of course there are fixes for a lot of these types of problems, but you're left managing solutions separate and independent of your company's central infrastructure which is time consuming and a pain in the balls. Want to push apps with your BES? Sorry, your iPads need the App Store, your Android needs the Marketplace – gonna need corporate accounts for each. How about enforcing policy? Sure, there are apps out there that let you manage Androids, but if you want a BES equivilant, nothing even comes close in functionality, and some utilities require rooting the devices – then you’re left with managing a service independent of your BES while doing your own tech support on the phone because you voided the warranty.
Thankfully I don’t have to manage mobile devices in my current environment (yet), but having Macs in our 2008 AD environment is a headache – running (a now neutered) Open Directory environment in parallel, can't use our imaging solution for system deployment, no app deployment through SMS, no accidental damage warranty for laptops, no unified AV management platform, the inability to use hardware manufacturer’s bootable diagnostic tools – I could keep going, but the horse is already pile of red mush. If we ever start using iPads in the production environment, kill me.