The widespread use of mobile computers and communication devices has bred efficiency and convenience into many parts of the modern office. Email and instant messaging are used to arrange meetings, plan projects, and hash out complex and confidential deals. Doctors use laptops to send telehealth messages to patients, and politicians use cellphones to discuss campaign details. Though convenient, there is inherent risk in using mobile devices for work.
According to the University of Pittsburgh, a laptop has a 1 in 10 chance of being stolen. Cell phones are small, and thus easy to misplace or to have snatched from an unattended purse. Despite this, most companies expect employees to use mobile devices to access business resources. Employees who use their personal devices are often more efficient and start tasks sooner than individuals who do not use personal devices for work.
Management of these devices can take many forms, depending on company needs and security concerns. The main device ownership models cover a wide spectrum of business requirements:
Company-Owned/Business-Only (COBO)
The organization provides the device, which is for work use only. This ensures that the device has only the approved applications and programs installed. It can also mitigate risk by limiting options like visiting unsecured websites or downloading personal items that might compromise the device. The device may be put in kiosk mode, which prevents users from opening additional applications on their device. Kiosk mode can be helpful for tests, surveys, or other tasks that require uninterrupted focus.
Company-Owned/Personally-Enabled (COPE)
The organization issues the device, though employees are allowed to use it for personal activities. This limits the hassle of managing multiple phones for employees, while still allowing the company to handle the updates of applications and enforce usage of data security software. IT Departments can preload all necessary software before distributing the devices to employees.
Choose Your Own Device (CYOD)
The employee must use a device from the organization’s list of accepted options. This allows companies to lower costs by guaranteeing that programs are supported by the technology employees are using. This saves time and money, as IT staff can be confident they know how to troubleshoot the devices on the list. In this management style, there are still several options afforded to employees, while limiting the guesswork involved in providing IT support to employees.
Bring Your Own Device (BYOD)
The employee uses their own device for work. This means the company does not have to purchase the devices, cutting costs. However, the IT department may have more work to do, including troubleshooting multiple operating systems and devices. In the event that a phone is lost, broken, or stolen, there may be delays until the employee can arrange for a new device. There is also the concern that company data may be accessible to unauthorized individuals and breaches could occur, especially if there are not adequate security controls in place.
Which one is best?
All of these styles have positives and negatives when it comes to data security. A COBO plan is the most secure, as there is less chance of unauthorized usage and everything on the device will be placed and maintained carefully. COPE and CYOD are variations on this, though each offers additional flexibility for the employee. If possible, use an MDM software that provides robust security tools, such as locking capabilities and the option to remotely wipe the device or its Work Profile.
A BYOD program is very common and popular with employees, though it does pose security risks. It is especially important that the company and the individual are clear about exactly what data can be stored on the device, as well as what and how data will be secured in the event of a security incident or the end of employment.
A Work Profile, like what is available in Android’s Shared Management mode, can help overcome some of the security obstacles of using a BYOD model. This allows for more control over work apps, and additional security measures for protecting company resources. With a Work Profile enabled, a remote wipe will only destroy data in the Work Profile, not all the data on the device.
Next Steps
There are variations within each of these styles of device ownership as well, which is why it is important to have a clear Mobile Device Management (MDM) plan.
- Creating an MDM program with security concerns in mind can take some strategizing, so companies should involve Human Resources, legal counsel, and IT in their process.
- Organizations should also refer to templates to customize policies to fit specific security needs.
- Ensure that the MDM solution provides administrators with account security options such as two-person integrity and mulitfactor authentication to properly safeguard device information and actions.
When it comes to a company’s security posture, it is important to weigh mobile options carefully. Convenience and efficiency must not take precedence over the responsibilities of data protection. At the same time, digital defense does not have to mark the end of all business and user flexibility. With the correct MDM system and policies in place, mobile devices can be powerful assets in the office and beyond.
About DriveStrike
DriveStrike is a Mobile Device Management software solution that provides device tracking, remote lock, remote wipe, and encryption management through an easy-to-use online console. Contact our team to learn more, and sign up today for a free 30 day trial to begin managing remote devices. Your security is our priority.