What do they mean?
BYOD, CYOD, COPE, COBO and COSU are acronyms that describe policies applied to mobile devices used in an organization. They are also called mobility management models of the organization. The simplest criterion for dividing them is ownership.
Thus, we can divide the devices into those used privately in the model:
- BYOD – Bring Your Own Device;
and those owned by the company (COD – Company Own Devices), used in models:
- CYOD – Choose Your Own Device;
- COPE – Corporate Owned, Personally Enabled;
- COBO – Corporate Owned, Business Only;
- COSU – Corporate Owned, Single Use – limited to a specific business purpose.
How to interpret them?
The device owner bears the cost of its purchase and maintenance. They also have the opportunity to choose the equipment they buy. The only exception to this rule is the CYOD model, in which the company gives the employee the opportunity to choose the device from a list it defines.
The ownership of the device is not just about the physical device but also about the ownership of the phone number and SIM card used on the carrier. These aspects are closely intertwined, and separating them is not a common practice. As a result, the device’s owner also bears the cost of telecommunications services.
Another element of ownership is the ownership of the data processed on the device, which is linked to the nature of the device’s usage. The BYOD, CYOD, and COPE models anticipate the simultaneous use of the device for private and business purposes. This raises some concerns related to data security, data management, or the intermingling of business and private zones.
BYOD | CYOD | COPE | COBO | COSU | |
---|---|---|---|---|---|
Device owner | employee | company | company | company | company |
Maintenance | employee | company | company | company | company |
Phone number owner | employee | company | company | company | company |
Bill payment | employee | company | company | company | company |
Data owner | employee + company | employee + company | employee + company | company | company |
Purpose of use | private + business | private + business | private + business | business | business |
How to create your own policy?
It is worth starting with your needs. The models described above should be a guide, not a rigid framework into which you have to fit. When selecting or creating a mobility management policy, it is worth starting by reviewing the five most important areas:
- Device: who chooses it, who pays for its purchase, who owns it, who is responsible for its maintenance, and who owns the data on it – what kind of use we envision for the device.
- Services: who owns the SIM card number, who pays current telecommunications bills – including roaming resulting from business travel, for example.
- Management and support: who manages the device and who is responsible for technical support. Here it is worth remembering that only the installation of an MDM agent allows remote management of the device, and thus allows full support.
- Integration and applications: what level of integration with the corporate environment is required to maintain adequate workflow. Any broader integration, beyond basic tools such as mail and video conferencing, requires more work to implement and manage.
- Expectations vs. reality: what department will implement and maintain the created policy, whether the time needed to implement it will fit into the working time of current employees, whether we have the right management tools/systems.
Is it possible to meet all expectations?
This can be difficult in a more elaborate structure. The solution is to balance the level of control with the flexibility of policy/model implementation. You’ll get the highest level of control in the COBO and COSU model, then COPE and CYOD, and at the very end, BYOD. On the other hand, the BYOD model is the easiest to implement – when employees come to the company, they immediately have a device they can use for business operations.
You don’t have to choose just one type of device or management model. Policies can vary by department, device, or area of operation. Whatever direction you choose, creating specific policies allows you to protect your organization and employees consciously. Implementing a device management tool can make it easier to ensure security and regulatory compliance and maintain expected performance levels. It can even prove essential in models that combine business and private space.
A professional MDM system will allow not only to create such a space, manage its security, but also to delete or erase data in situations that require it.