Today, CIOs and enterprise leaders are faced with deciding which mobile device strategy and infrastructure best suits their business:
- BYOD, or Bring Your Own Device, is the practice of allowing employees of an organization to use their own smartphones, or tablets for work purposes.
- COPE, or corporate-owned personally-enabled, is a model in which organizations provide employees with mobile devices, and allow them to use the devices for their personal use as well.
- CYOD, or choose your own device, is the practice of providing a selection of pre-approved devices for your employees to choose from to use in and out of the office.
While many companies started with BYOD, the current trend is shifting to COPE devices because of the concerns over security, legal issues related to control vs. user privacy, and IT compatibility. Employees with BYOD devices may be putting company data at increased risk.
A recent study by the Wall Street Journal Custom Studios and Symantec, Keeping Your Data Safe: Protecting Corporate Information in the Cloud, determined that 51-percent of employees think securing corporate data is the job of the company IT team rather than their own responsibility. The report also found:
- 79% of employees admit to engaging in risky behaviors—intentionally or unintentionally—that place corporate data at risk
- 48% of employees don’t think about security risks when transferring files or sharing documents over cloud-based services
As businesses think about making the shift from BYOD to supplying their own custom devices – either COPE or CYOD – it’s important to understand the advantages and disadvantages of the two strategies. Through years of experience customizing and supplying tablets for enterprise and education, Minno has identified the pros and cons of BYOD v company-supplied devices that should be considered when moving your business into the connected anytime, anywhere mobile environment.
BYOD policies may expose companies to more security vulnerability and legal liability through personal use habits like downloading risky apps, OS versions not being updated with patches, weak or no password protection, and conflicts between company control and user privacy. When an employee loses a device, the data on it may be viewable to anyone if a PIN or password is not set. Employees may also be reluctant to report a lost or stolen device to the company for remote wiping if they have personal photos or data on it.
Many companies today want to have control over devices to manage employees and data security. MDM software is increasingly being used to know where devices are, how they’re being used, and to wipe devices remotely, if necessary. A corporate-owned device, provided to employees and governed by company policy, reduces conflicts, and minimizes vulnerabilities from risky sites, public networks and downloading questionable files.
Legal and IT
From a legal standpoint, BYOD policies may create a legal minefield of issues related to employee privacy and potentially legal discovery v corporate control of data, devices and policy.
The initial investment in hardware may be high, but cost savings can be captured over time because a consistent hardware platform is easy to support, enables optimization of software for the platform, and an employee provided device leaves no doubt about ownership and control of both the device and the data on it.
A device customized for business can be optimized and better secured, allowing for better control of data and the ability to tailor its use to prevent intrusions onto the device. Unnecessary and possibly vulnerable features can be locked out, making the device a business tool, rather than an open platform.
In theory, BYOD reduces capital investment costs because employees are using their own devices. Also in theory, the employee is handling updates and maintenance of the device they personally own. In reality, corporate IT costs may well outstrip the capital savings because the IT department must make corporate systems work across many platforms, operating systems (iOS, Android, or Windows), and variance in hardware. Furthermore, the business no longer benefits from bulk purchasing discounts and vendor partnerships.
Custom tablets are built as tools for a company, so they can be designed with only the features a company needs for its business functions and other peripherals can be excluded or locked out to minimize cost and vulnerabilities to hacking. The cost of providing custom devices for employees is often offset by bulk buying power, optimization of software for a single device, and long-term cost savings on IT. Software development costs can be minimized by releasing large new software versions only when technology replacement allows for higher performance devices to run new versions of software which may require more processing power and memory rather than trying to develop and update software across many variant devices.
Employees may like and be familiar with their personal device. But some employees resent companies making them use their personal device, perceiving it as subsidizing the company with their own device use. Also, some employees feel it creates an unfair advantage for employees that can afford higher performance devices than those who cannot.
All company-provided devices are equal, employees view the COPE device as a benefit, and there is a reasonable expectation that the company will have control over the device and data security and that corporate policies be followed when using it. Employees also become comfortable with the device as a group and can share tips and tricks on how to use their tablet and mobile device.