BYOD vs. Company Owned: How To Choose A Device Policy

Wednesday, October 21st

Considering the current stress on the supply chain of Laptops and devices, there has never been a better time to re-evaluate your company's policy on devices. The two options that most will consider are "bring-your-own-device" or providing a standardized device that is paid for by the company.

When you decide to add devices that enable mobility to your company’s infrastructure, it’s critical to have a plan in place that outlines responsibilities for maintaining device security, protecting company data, and paying service costs.

You have options when it comes to mobile devices, and there are pros and cons to each.   Knowing the differences between BYOD (Bring Your Own Device), CYOD (Choose Your Own Device), and COPE (Corporate Owned, Personally Enabled) will help your company decide which policy it should enact. Below, we explain the unique features of BYOD, CYOD, and COPE, and how each model can benefit your business.


BYOD (Bring Your Own Device)

BYOD (bring your own device) is undoubtedly the most well-known policy on this list, and the most popular deployment model for businesses. Under a BYOD policy, employees bring their personal devices to the office and use them for work-related tasks. After the device is approved by the enterprise, the company must then install an agent or application that allows them to manage the security of the device from a central management system (such as an enterprise mobility management solution).

With a BYOD model in place, employees are fully responsible for keeping the device safe by preventing it from being lost or stolen. This also includes avoiding public WiFi networks and not bringing malicious programs and applications onto the device. Because the security of the device itself is ultimately in the user’s hands, it can be difficult for enterprises to enforce security policies. That’s why a device management solution is so important for enterprises, especially for BYOD-friendly organizations.

However, a successful BYOD policy can be the most cost-effective solution for businesses while also satisfying employees. It’s likely that your users will be more familiar with their personal device than any device your business could provide for them. Thus, letting them use those devices for mission-critical tasks can lead to higher productivity. Also, since the device is owned by them, employees will also pay for the mobile plan, saving money for the business in the long run.


CYOD (Choose Your Own Device)

In a CYOD (choose your own device) policy, an enterprise will provide a set of pre-approved mobile devices and allow them to choose one. These devices are typically configured with security protocols and business applications before the worker selects them. Depending on the CYOD policy, the user might own the device after selecting it and pay for it upfront, or the enterprise might offer employees a stipend to cover costs while maintaining ownership.

CYOD is often seen as a middle ground between the BYOD and other policies, since it still grants employees a degree of freedom in selecting their device. Since the enterprise chooses which types of devices will be deployed, they can maintain device compatibility and install security features before employees start using them. That can help them ensure the devices and the data contained within are protected. Unfortunately, employees might not be necessarily be happy with the device selection available. Even if you approve a wide variety of devices, employees might not be able to become fully comfortable with the hardware they’re given.


COPE (Corporate-Owned, Personally-Enabled)

At the end of the spectrum, a COPE (corporate-owned, personally-enabled) policy grants users access to mobile devices that are fully owned by the company. Your enterprise will maintain full ownership of the mobile device and will pay for its operation costs. However, the user who works with the device is still given options to personalize it; they can still download non-work related apps and customize the interface to their liking.

Enterprises have the most control over their devices under a COPE policy. They don’t relinquish ownership of the mobile devices, and they can pre-configure them to maintain device and data security. This means that COPE-managed devices are the easiest to secure, since the enterprise can lock them down effectively beforehand. It also means that the user has the least degree of freedom in selecting a device that suits their needs, which might be frustrating to the user. In addition, COPE can be the most expensive for the business.


Which model is right for your business?

When it comes to determining which policy model your company will enact, you need to consider the advantages of disadvantages that each one brings to both your business and employees. Does your company want to prioritize user satisfaction and productivity or device security and data protection? It may want to compromise between those two ideas to attempt to make both sides happy. The best way to avoid falling into the downsides of the policy you choose is to make that policy your own. Design your mobility model around the features you want, finding the right balance between enterprise and user control.

Another factor to consider is that BYOD, CYOD, and COPE are not the only models out there. Two other infrequent policy models are COBO (corporate-owned, business-only), where the device can only be used for work-related purposes; and CLEO (corporate-liable, employee-owned), where employees own the device but the company is responsible for service costs. While these policies are not as common anymore as BYOD, CYOD, and COPE offer more flexibility and security, they’re still a valid option for enterprises examining mobility solutions.