COPE vs. BYOD vs. CYOD – What’s the difference? And how can you protect your data?

The great debate of devices and how they function in business is the topic du jour. There’s BYOD (Bring Your Own Device) vs. COPE (Corporate Owned, Personally Enabled), and now even CYOD (Choose Your Own Device).

Each of these approaches have inherent advantages and pitfalls, however there is no right or wrong answer; it is all based upon the unique needs, objectives, and capabilities of their individual user groups within each business.

BYOD is arguably the most popular and well-known approach. In the BYOD model, employees are granted full responsibility for choosing and purchasing the devices they use, as the smartphone, tablet, or other gadget are their own.

While BYOD can offer major benefits for companies, such as increased employee satisfaction and productivity, however the risk of sensitive data being housed on an unsecure phone is too big to ignore.

As security and visibility into how the device is being used is not readily available, BYOD can be a burden. If BYOD is chosen, mobile device management (MDM) software is highly recommended in order to create a level of security around the usage, access to information and policies of utilizing the device. This can be taxing on internal IT teams, as a lot of time and energy is required to manage BYOD programs internally.

  • Lower hardware and service costs
  • Higher user engagement and convenience
  • Enhanced productivity and enablement
  • Few or no wireless carrier management requirements
  • Fastest deployment time
  • Security is more difficult to enforce and less centralised with BYOD than with COPE or CYOD
  • No control without Mobile Device Management (MDM)
  • Replacement can be problematic when device breaks
  • More complex support definitions, more work to enforce requirements
  • Configuration costs are higher
  • Enhanced legal implications and risks

Following BYOD, there has been some talk of COPE (Corporately-owned, personally-enabled) as a way to preserve the productivity benefits of BYOD while reducing cost and risk.

COPE is a popular approach in larger businesses, as it maximises control over mobility in a number of ways. Employees are given smartphones that are paid for by the company, meaning the business retains ownership of the devices.

COPE allows management teams and IT leaders more control over which devices are supported and what controls are in place on the device while still allowing employees the ability to personalise their phone or tablet.

  • Work/life balance on a single device
  • Personal apps
  • All advantages of CYOD
  • Enhanced control and authority over devices
  • Fewer security concerns than BYOD and CYOD
  • Potential for productivity issues given less user freedom
  • Business fully responsible for maintaining pace with innovation
  • Monitoring policies must be in place
  • Slowest deployment timeframe

Just as they could on a totally personal device, employees can send personal emails, access social media, and download photos. However, the integration of application controls can prevent corporate data from being available on the phone outside of set perimeters. This also means that the IT department has more control over the device; such as the ability to wipe the device clean should it be lost.

And, last but not least, CYOD is characterised by businesses as giving employees a list of approved devices that will meet the needs of the employee and the company. Devices can be pre-configured with all the necessary applications for employee productivity and protecting sensitive data that might be present on, or accessed by a mobile device.

  • Can reduce hardware costs compared to COPE
  • End users are still in control of their own technology
  • Procurement standards are tighter than those of BYOD
  • Support standards are streamlined given a more homogenous pool of options
  • Users only have to carry one smartphone, one tablet
  • Some staff might not be happy with choices
  • More complex procurement process than BYOD or COPE
  • Does not completely eliminate hardware costs
  • End users might struggle with replacement and repair needs
  • Onus to remain up-to-date with mobile technology placed on business
  • Slower deployment timeframe

Employees often mistakenly think that their mobile phones are not at risk to the same types of threats as their desktop computers, but in reality, their mobile devices are simply pocket-sized computers, and are at increasingly greater risk as new cyber threats infiltrate and damage mobile devices.

Security breaches on mobile devices are attacked by some form of malware – just like a computer becomes infected. Too often, mobile users are not aware that they have downloaded damaging malware onto their devices, meaning that access to sensitive data can easily be gained. 

Phishing messages are becoming more and more convincing making it harder for employees to identify a phishing message that has potentially been masked as an email from a client or colleague, causing them to disclose information that can be used to gain unauthorised access to confidential systems.

Even with the multitude of anti-virus applications available for smartphones, these only detect a fraction of threats. Ultimately, the best way to protect these devices is stop the threat at the source: the network.

In many cases your device could get infected with malware while off the corporate network and then when you bring the device back onto the corporate network, you also bring the malware. COPE won’t address all the security risks of mobile devices but it is one step closer to a business world where network level security needs can be implemented more easily than in the past.

We have become acutely focused on the BYOD, CYOD and COPE movement that we may have lost sight of the need to consider protection for employees working remotely using any device.

Businesses will continue to invest in mobility (and rightly so), but before they begin to hand out new devices to all team members or jump on the BYOD, CYOD or COPE bandwagon, they need to carefully consider all security touch points.

So, then, which is the right program to choose? The answer is that there is no one perfect answer. A majority of clients will find themselves needing a combination of the three to most efficiently manage their mobile environments. Cost, security needs and work functionalities can vary drastically based on the end user’s role within a company, and mobility is not a one-size-fits-all environment. Maintaining flexibility to meet the needs of employees, providing the support for a robust mobility environment, and having insight into usage and billing is often difficult for enterprises to achieve without the expertise of an MMS provider.

Application of a method that continues to strive for optimal usage, utilisation based on work function and overall cost is the goal. Through intentional tracking and visibility, enterprises will create an effective program that enables true mobile lifestyle management for the mobility environment, even as it evolves and grows.


Search blog posts