IT has traditionally had near complete ownership and control over workplace devices. But, as employees increasingly access corporate data and networks using their own smartphones, tablets, laptops and other personal devices, the IT department’s ability to ensure the organisation's security has decreased significantly.
Just as employees are going to use unauthorised software and applications to complete tasks as efficiently as possible (what’s known as shadow IT), they’re going to use unauthorised devices. It’s going to happen anyway, so IT is better off attempting to manage the use of personal devices in the workplace than trying to prevent it.
The good news is that IT managers seem to be aware of this trend. As VP of Gartner, David Willis, said, “We're finally reaching the point where IT officially recognises what has always been going on: people use their business' IT devices for non-work purposes. They often use a personal device in business. Once you realise that, you'll understand you need to protect data in another way besides locking down the full device”.
Even with the security afforded by the cloud, BYOD isn’t for everyone. Most businesses want to offer employees choice whilst staying within their comfort zone. If it’s your first foray into enterprise mobility, then it’s probably not best to start in the deep end. Organisations in this situation can choose from two alternative models: ‘Company Owned Personally Enabled’ (COPE) and ‘Choose Your Own Device’ (CYOD).
With COPE strategies, employees are supplied a device chosen and paid for by the company, but they are free to use it for personal activities. It’s up to the IT department to decide how much choice and freedom employees get. This is the closest model to the traditional method of device supply, Corporate Owned Business Only (COBO), and the one that gives IT the most control. Rather than trying to create space on a personal device for secure data and device management – as IT would in a BYOD scenario – COPE lets admins create space on a fully managed device for personal use.
The CYOD model, on the other hand, still gives employees the freedom of choice, but narrows the options to a pre-approved list. It’s been labelled ‘the corporatisation of the consumerisation of IT’ and ‘the more manageable BYOD’, since it makes concessions for user choice without IT having to relinquish control.
While COPE is the favourite among larger enterprises due to the level of control, CYOD is the most widely adopted as it strikes a good balance between the needs of employers and employees. One CTO quoted CIO Dive sums it up nicely: “CYOD is … the best of both worlds; a controlled network environment that still offers employees the benefit of a single work or home device of their choice. CYOD is also less of a cultural leap for the organisation, since maintaining ownership of the contract is much closer to the status quo of corporate provision”.
However, for all of its advantages, CYOD is not a failsafe alternative to BYOD. As a CompTIA report states, even when companies ban BYOD in favour of the choice model, “ambitious employees will find ways to utilise personal devices and applications even if they are forbidden”. This is because CYOD shrinks what BYOD is supposed to provide in the first place – freedom to choose which device suits the user best, including devices that are at the forefront of technology. CYOD strategies therefore mean less freedom for employees and may not provide as high satisfaction as a BYOD model would.
BYOD, CYOD and COPE are different methods of addressing consumerisation of technology in the workplace. As they each have their pros and cons, the model you choose will depend on your organisation’s needs. When exploring the options, take into account your organisation’s security needs, budget, resources, and – crucially – the culture and working style, to effectively decide which model is best suited for your enterprise mobility strategy.