Even as bring your own device (BYOD) policies and programs have opened up a world of opportunity for organizations, the risk and additional operational burden imposed have changed the economic realities of mobility more than many in IT realize. As organizations weigh the costs and opportunities offered by BYOD compared to issuing company devices, they need to be aware of the hidden costs of BYOD--particularly within high-risk environments.

According to Rainer Enders, CTO, Americas at NCP engineering, organizations looking at BYOD only as a cost-savings initiative need to rethink that mentality.

"I think it could well be at the end of the day that BYOD devices are more expensive than if you have full control and the company owns the device," he says. "Companies sometimes only look at the cost of the device, but when it comes down to it, [BYOD] is more expensive if you look at the total picture."

According to Enders, too few organizations factor risk into their cost considerations, making it one of the most costly hidden costs if proper precautions aren't taken.

"In my mind, the biggest hidden cost lies in the worst case scenario--when bigger issues arise like a lawsuit or a major security breach," he says. "It really comes down to the standard security question about what are the assets. What do I need to protect from a company point of view. My legal situation--how is my IP sufficiently protected. I think that is where the main costs are: This is something that is often overlooked. Companies don't really do a good job at assessing this kind of risk."

As such, Enders suggests that organizations start implementing risk assessment formulas into their dollars and cents estimates for mobile costs in a BYOD model. There are other tangible costs that are often overlooked as well, many of which have to do with managing a more diverse infrastructure and enforcing security and privacy policies that will eventually reduce risks.

"From an IT perspective, the hidden monetary costs principally revolve around enforcing security and compliance at scale. In the corporate-liable BlackBerry world--which many IT organizations are now moving away from--it was relatively simple to predict and manage risk," says Dan Dearing, vice president of marketing at Enterproid.

Read the rest of this article on Dark Reading.

Security professionals often view compliance as a burden, but it doesn't have to be that way. In this report, we show the security team how to partner with the compliance pros. Download the report here. (Free registration required.)

Federal agencies must eliminate 800 data centers over the next five years. Find how they plan to do it in the new all-digital issue of InformationWeek Government. Download it now (registration required).