How to Enable a Choose Your Own Device (CYOD) Strategy for Laptops & Smartphones
July 21, 2023
In the days of yore (aka pre-COVID), the thought of using a personal device for work was relatively unheard of. Even executives pulling 80+ hours a week were using a company-provided smartphone or laptop to answer phone calls and emails outside of the office.
When the pandemic suddenly required everyone to work remotely seemingly overnight, different enterprise mobility management models sprung to life out of necessity. If you worked in an office with desktop monitors, you may have used your laptop or home computer to continue completing your tasks during that “two-week” stay-at-home order. Corporate-owned laptops may not even have been ordered by your IT team during this time, as the original plan was to return to the office. We all know how that turned out!
Let’s compare BYOD (bring your own device), COPE (corporate-owned, personally-enabled), COBO (corporate-owned, business-only), and CYOD (choose your own device) to explore the benefits and drawbacks of each—and learn why the CYOD model is the preferred method of data security-conscious organizations.
BYOD, COPE, COBO, CYOD: Navigating the Alphabet Soup of Enterprise Mobility Management
Pros & Cons of BYOD
Convenience. BYOD is an acronym for ‘bring your own device’. This mobile device management (MDM) strategy provides the most flexibility for remote employees because BYOD policies let workers use their personal devices to access corporate systems and information.
Lower cost. Since end-users can store what they need in one place (e.g., emails, apps like Slack or Zoom) from a device that they already own, this is also an incredibly cost-effective device policy for the company. And for IT departments that simply don’t want to manage the logistics (and hidden costs) involved with outfitting employees with equipment, this is ideal.
Poor data security. Unfortunately, this comes with security risks. In a survey of IT professionals, a whopping 83% reported that employees stored company data on unsanctioned cloud services; and 80% of workers themselves admit to using SaaS apps at work without getting prior IT approval. All this “shadow IT”—which is using hardware or software that has not been approved by the organization’s IT team or security group—is even more likely with BYOD. Remote employees can download whatever they want, compared to using a company-owned device with restrictions, role-based approvals, and firewalls set in place.
Software problems. Employees’ personal data must be protected, so they may be wary of installing patches or downloading apps that are being pushed by IT (this also can be detrimental to your security policies down the line). After all, they may not want to be “tracked” on the laptop that they originally bought for personal use. Even when an employee is openly installing the recommended software, they may run into installation issues that they need to address with a remote IT worker that may be hundreds of miles away.
Pros & Cons of COPE
More control. As the model ‘corporate-owned, personally-enabled’ suggests, COPE devices are provided by the company. This means IT teams have more authority over configuring the security requirements, workflows, and controls of COPE employee devices. The smartphone or laptop is set up with the necessary work-related apps the end-user needs, but employees are still able to do non-work-related things, like check their personal email or send texts.
Enhanced security features. For organizations in compliance-heavy industries with complex security requirements, COPE devices are a significantly better option than BYOD. The device usage restrictions keep employees honest and enable IT to better manage company data.
Slow deployment. These devices are amongst the slowest to deploy. For one, they are not already in the hands of the employees who need them. For another, before they get distributed to employees, IT teams must configure each device using containerization tools to ensure corporate data and personal data are separate to alleviate privacy issues (a big concern with this type of device). Lastly, there may be some training required if the employee is used to a different operating system on their personal Android or iPhone.
High-cost. Especially compared to BYOD, COPE devices are particularly expensive. As they are company-owned, the organization is responsible for maintenance, monitoring, repairs, and replacements. Plus, purchasing a device for every employee can get costly if you do not do due diligence with procurement and order from the most cost-effective vendor in bulk.
Pros & Cons of COBO
Utmost control & data security. COBO stands for ‘corporate-owned, business-only’. Unsurprisingly, this type of device prohibits personal use of any kind. The major benefit of this provisioning model is that there is no risk of personal data mixing with business data. Employees will not worry about privacy concerns like they would with COPE devices, and the need for containerization tools is kept to a minimum.
Lower cost. Restricting the device to just hold business data means it will use less data overall, lowering costs. Plus, buying in bulk is an efficient strategy for purchasing these types of devices, as COBO does not require much personalization. Speaking of...
No flexibility. The strict COBO policy may be a turn-off for some employees. This mobile strategy forces employees to use multiple devices (a completely separate laptop and cell phone for work on top of their personal electronic devices) which can cause roadblocks, especially if a COBO device is accidentally left at a different location than the one an employee is in.
Full responsibility lands on IT. Same to a COPE device, the company is responsible for managing each piece of equipment end-to-end, including replacements and repairs. This may be burdensome for small IT teams.
Pros & Cons of CYOD
More control & security. CYOD stands for ‘choose your own device’. It is an employee provisioning model that allows workers to select the devices they would like to use from a pre-defined suite of options. An agreed-upon list of approved devices makes it easier for IT to proactively plan and manage the connectivity, cybersecurity protocols (e.g., installing security software, setting up the right firewall/administrator/network settings), and other necessary config requirements before they fall into the end-user’s hands.
Some end-user flexibility. Who doesn’t like options? Giving employees the opportunity to choose a device—even if it’s from a short list of options—helps them feel like they have a say in how they work (and what their remote workspace looks like).
Simpler device management. A CYOD policy provides choice, within the confines of established IT parameters—win-win! This coupled with the fact that there are fewer device types spread across the org means that support is streamlined.
High upfront costs. Compared to ‘bring your own’, ‘choose your own’ requires a lot of initial investment—mainly, the purchasing of each device and associated logistics costs to ship to each remote user.
Implement a CYOD Program Today
CYOD balances both the organization’s need for integrated secure applications and the end-user’s desire to have options and use the device for non-work activities. With Firstbase’s employee equipment management solution, you can roll out a ‘choose your own device’ program for your employees in a manner of clicks—and get it to them on time, no matter where they are located.
1. Choose Your MDM
Mobile device management (MDM) solutions provide organizations with enhanced security alongside the ability to remotely oversee all their hardware and software. By pairing an MDM (e.g., Kandji, Jamf) with either your Apple Business Manager (ABM) or Microsoft Azure account, IT can automatically push policies and additional software onto any computer anywhere in the world—IT admins can secure, monitor, and maintain devices from their own home. Leveraging an MDM is table stakes for distributed workforces that are implementing a CYOD program.
2. Define Your Equipment Package
With Firstbase, you set the rules directly in the platform! Tailor your equipment and software needs based on departments/roles. IT teams (who typically act as Firstbase admins) have two choices here. They can either pre-select the kit to define what a specific department gets (e.g., CX agents get two screens, executives get a separate corporate cell). Alternatively, they can have an open catalog and let the employee choose what they want; then, the Firstbase admin approves or denies the asset requests.
3. Leverage Self-Service Capabilities (If Needed)
Firstbase has a virtual IT closet. Acting like the actual IT closet that every office had—though we dare say that ours is much more organized—this operates 24/7 for employees to order peripheral equipment (e.g., microphones, head seats, etc.) whenever they need to. All the Firstbase admin has to do is review the order for approval, and the Firstbase Ops team takes care of the picking, packing, and shipping.
4. Manage the Device Lifecycle End-to-End
All IT professionals know that getting the equipment to the employee is just the beginning. Things break and need to be fixed. Admins can initiate a return, replacement, or upgrade within the Firstbase platform. Just like with the initial outfitting, the Firstbase team takes care of the physical logistics that follow.
Looking to implement a CYOD plan but too worried about the burden it could place on your IT team? Request a demo to see Firstbase in action.