This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
BYOD vs. COBD: Find the Right Strategy for Your Workplace
In the first part of this three-part series, we explored the security and automation benefits of mobile device-management apps. It’s time to explore the pros and cons of company-provided mobile devices vs. running a bring your own device (BYOD) program.
In part two, let’s get familiar with the two basic models and the acronyms. Be aware that there are some nuances within company-owned, but we won’t cover that today. The common mobile enterprise models include the following:
BYOD: This stands for “Bring your own device.” BYOD is the model that most companies use.
COBD: Company-owned business device is the generic term for COBO or COPE
COBO: Company-owned business only. This means you can only use the phone provided for business. No personal calls, texting, or data usage is permitted. This may seem extreme, but this exists in many environments where liability is a concern, privacy is paramount, time tracking is critical, call logging is necessary, or separation of business/personal is required.
COPE: Company-owned personally enabled In this model, the company provides the phone and the monthly service while allowing the employees to use it for business and personal use. When companies provide unlimited plans, it’s a relatively inexpensive perk. Companies realized years ago that employees take better care of the mobile device when they use it for personal use and are not required to carry two phones.
The Pros and Cons of Company-Provided Models
Company-provided mobile devices require the same work company-provided computers do. You should manage company-provided mobile devices like a laptop because smartphones can cost just as much as a basic laptop and should be handled like laptops - meaning the same care and diligence should follow. In addition, mobile phones can also be a security vulnerability - which can cost a company vastly more than any laptop.
The first part of having company-provided devices is deciding how the devices are assigned and supported. Some of the considerations include:
- Who will receive a company-provided device?
- What type of device will they get?
- Will the job title determine who needs a mobile device or the job function?
- How often will the device be upgraded?
- Can the lifecycle management fit into an existing process, or will a new process be needed? How frequently will the carrier contracts be reviewed, and how will pricing be benchmarked against competitive market rates?
- Do employees need to be contacted while away by customers, or do they only need to connect to the employer’s network while traveling?
- Does the mobile device need to synchronize with the company directory?
- Does it need to handle email, SMS, and calls?
- What governance is required to address security risks?
- Will the mobile device handle email?
- Can the mobile device have a camera on it?
- Can it be allowed in all areas of the company?
- Can the mobile device be allowed to connect to wireless access points?
Your company’s mobile device policy needs to match your mobile device model. The business should clearly define the requirements and policies and incorporate a mobile device policy that clearly outlines usage and procurement. For example, if the job requires placing international calls, the company phone should come with an International plan (or the stipend commensurate with the plan). In addition, stipend amounts should get reviewed annually to ensure fair market compensation.
Businesses may need various types of smartphones and often need to manage several in large environments. Industries such as film, pre-media, marketing, and journalism may require iPhones for the simplicity of synchronization to other Apple products. Industrial environments may need flip phones or rugged devices. Over-the-road truckers may need mobile hotspots for various equipment in their trucks.
There are several pros in maintaining company-provided devices along with a mobile device management solution. It can ensure that the employee isn't sharing company data after leaving the company. It allows for an employer to get in contact with an employee 24/7 when needed. There are also cons to company-provided devices. Resources are necessary for hardware lifecycle management, software updates, billing, contracts, etc.
- Employees carriers two devices
- High purchase cost
- Deciding which model to use COBO, COPE, or BYOD
- One to two carriers provide better savings
- Management of device
- Support would be easy
- Cost could be lower with a higher number of lines
- One to two carriers limit where users device works
The Pros and Cons of the BYOD Model
Now that we have explored company-provided devices—let’s look at the BYOD model. Most companies use this model because implementing BYOD can be as easy as giving the approval to let the device on the network.
There are both practical and financial benefits to BYOD: Users are responsible for their own broken devices, upgrading and replacing them on their own, allowing the telecom department to focus on other matters. In addition, there’s no need for the company to worry about tech equipment invoices, vendor contracts, or a support team to resolve tech support issues.
Companies can offer to set a BYOD stipend amount based on the end user’s role, ranging from $25-$45 per month, and typically reimbursed on the monthly payroll. Others offer a reimbursed business expense (RBE) and require a copy of the employee’s monthly bill.
Mobile carriers often offer to work with companies to perform payroll deductions to withdraw the stipend out of the employee’s paycheck. There are great benefits of this for the company as well as the employee. The employee doesn’t have to remember to pay the bill, payments are never late, service isn’t interrupted for lack of payment, and the carrier gets paid on time.
BYOD with a stipend model can present sensitive security issues. For example, if the company’s email is to be accessed on the user’s phone, it should then be enrolled in its mobile device management (MDM) solution. This should be a strict policy for security reasons because email can be a point of compromise. Last, should an employee be terminated, access to email—including old, archived email, should be immediately disabled via the company’s MDM tools.
Here’s a sidenote—companies that issue laptops typically already have an MDM solution for them. This is a common security measure so that, in the event of a lost or stolen laptop, the data can be secured or even entirely erased remotely. MDM platforms are often designed to extend to different device types such as laptops and cellular devices. Therefore, extending MDM to a BYOD device can be done with BYOD with some solutions. Your mileage may vary.
- Fewer resources needed to support mobile devices
- The employees purchase the devices
- The employees select the technology suitable to their comfort levels.
- Potential loss of company data
- Higher security risk
- IT support of multiple devices types such as iPhone and Android
Your company’s position will influence how you manage your devices and draft your mobile device policy. There’s not necessarily a right or wrong way to manage your company’s mobile devices. Instead, a company’s policies, resources, and business requirements will likely govern the mobile-device model.
Whichever solution you opt into, productivity is your end goal for mobile employees. Regardless of the model you select, having an MDM solution in place will help reduce management overhead and increase privacy and security.