BYOD vs COPE: What You Need to Know Before You Choose One

72.3% of employees in the US will be “mobile workers” by 2020, according to the international data corporation (IDC).  

This means your IT team needs to mitigate the risk of mobile devices used for work.

You have 3 options:

1. You could allow your employees to bring their own mobile devices to work, AKA “bring your own device,” or BYOD.
2. You could supply mobile devices to your employees through a “choose your own device” plan (CYOD).
3. Or, you could offer a “corporate owned, personally enabled” plan (COPE).

Out of those 3 options, there’s only 2 that most companies have to decide between:

BYOD vs COPE.

That’s because CYOD doesn’t offer the personalization that comes with BYOD or COPE – something modern employees have come to expect.

We’ll explain much more about BYOD and COPE, and show you some of the benefits and drawbacks of each.

By the end, you’ll be able to choose the right plan for handling the risks of a mobile workforce.

What is BYOD?

The bring your own device (BYOD) model has been around since 2009 when the phrase was first coined by Intel.

It allows employees to purchase and use their own mobile devices for work.

BYOD has become extremely popular since 2009 with research firms like Gartner predicting that over half of employers will require their employees to supply their own devices for work.

While the trend of BYOD adoption has slowed down, a new approach to mobile device usage has picked up steam…

What is COPE?

The corporate owned, personally enabled (COPE) model was invented around 2012 and is commonly attributed to Philippe Winthrop, the Sr. Director of Product Marketing & Strategy for Mobility & IoT at DXC Technology.

This model enables businesses to do 3 things:

1. Supply their employees with mobile devices
2. Allow employees to personalize their devices
3. Maintain ownership and control over the devices

As we mentioned in the intro, COPE takes the choose your own device (CYOD) model one step further by giving employees the flexibility and freedom to personalize their devices.

CYOD enabled businesses to supply their employees with devices, but they were designed for work purposes only – dissuading employees from using them for any personal business whatsoever.

This ends up dissuading employees from using the device altogether – which is why COPE is preferred over CYOD.

But is COPE better than BYOD?

How They Compare: BYOD vs COPE

Both BYOD and COPE have their pros and cons.

Below, we lay out the benefits and drawbacks of each model so you can give your employees what they want while protecting your data at the same time.

Benefits of BYOD

The major benefits of BYOD are the low hardware costs (employees supply their own hardware) and lower service costs (employees pay for their own plans).

BYOD allows employees to work wherever, whenever – increasing productivity.

Also, BYOD gives you the fastest deployment time since your employees take care of that work for you.

Plus, your employees will be more engaged with their work if they’re using devices they own.

Drawbacks of BYOD

The major drawback of BYOD is it’s very difficult to protect personal devices from IT security threats. Without mobile device management (MDM), It’s almost impossible for you to enforce IT policies – some employees will follow them, some won’t.

If your employees use their own devices for work and one of their devices break, it can be complicated getting a replacement. Are you financially liable because it was a work device, or is your employee liable because it’s also a personal device?

BYOD exposes your organization to a variety of shadow IT risks since your employees are using a mix of apps, services, device types, and operating systems.

Your employees are most vulnerable to threats such as phishing, business email compromise, and remote access risks when they’re using their own devices to send emails and work remotely.   

Benefits of COPE

The BYOD vs COPE battle is largely a contest for which method can provide optimal security for the device along with optimal productivity for the employee.

COPE seemingly accomplishes both.

The devices are owned and controlled by you, so you can deploy MDM and MAM (mobile application management) to install the correct apps and security features for keeping your data safe while giving your employees the flexibility to use the devices for personal reasons.

Instead of digging for space on a personal device to install work and security apps, you put everything into the device you want first, and then leave the rest for your employees to fill with personal apps.

This gives you greater control over shadow IT risks because you can see what apps employees are using. Plus, if your employees start practicing unsafe behavior or they lose the device, you can shut it down and wipe the data remotely.

Drawbacks of COPE

If employees don’t have enough personal space on their devices they may not engage with it as much as their own personal device – leading to more security concerns – and a potential drop in productivity.

Under COPE, the business is responsible for keeping pace with firmware updates, security updates, and other IT trends for safe mobile usage. If you don’t upgrade and improve your devices and policies regularly, then your devices may become more dangerous than personal devices.

You also have to make sure to monitor your employees’ device usage if you want to guarantee they’re following proper IT security policies.

How to Choose Between BYOD vs COPE

BYOD is undoubtedly the cheapest method. If you’re cutting costs and can get your employees to implement sound security practices, then BYOD is your best option.

COPE is the most secure method. If you want to control the devices and mitigate any potential risks, even at a higher cost, then COPE is your best option.

But before you even begin investing in a BYOD or COPE program, you should optimize the security of your network.

Network security is the source of data protection and data exposure for all devices, including mobile.

With a robust network security plan in place, you can stop malware and viruses that a mobile device’s security app won’t catch.

To implement adequate network security, you could test different hardware and software packages and find out the hard way what works and what doesn’t.

Or, you could consult with an established IT security company who can help you deploy the right hardware, software, and security policies for guarding against malicious cyberattackers.

If you want to go the trial and error route, feel free.

If you want to know what a security company would recommend for your particular organization to protect your data, we can help.