COBO, COPE, WPoCoD, COSU, BYOD, CYOD, etc.: these emerging terms define the way in which organisations manage mobile devices (smartphones, tablets, laptops, etc.) and their use by employees.
Although these acronyms may seem obscure, they play a crucial role in the way organisations tackle issues such as cybersecurity, the protection of their data and that of their employees, or their CSR and digital responsibility.
In fact, these terms reflect 2 types of strategy that every organisation needs to understand, weigh up and define precisely in order to choose the overall mobile fleet management strategy that suits it best :
Explanations 👇🏻
The first strategy for supplying mobile devices is for the company to supply mobile devices (smartphones, tablets, laptops, etc.) according to employee profiles (for example, an iPhone for a salesperson, a rugged phone for the field, a warehouse, etc.).
Terminals can be supplied :
In all cases, when the company chooses to provide its employees with IT terminals, it acquires or rents and configures the employees' IT equipment. In particular, it must replace or repair the terminals in the event of breakdown, breakage or theft, and can delete all data (professional and personal) if necessary.
💡 Think about it: buying equipment is not the only option, and leasing makes it possible, among other things, to simplify the management of stocks, repairs, end-of-life and the ‘’trend effect‘’ and the desire of employees sometimes to change equipment regularly to always benefit from the latest technology.
Depending on the strategy chosen, the flexibility of the user is more or less restricted (personal use strictly forbidden or authorised but controlled by the company, etc.), to the benefit, for the organisation, of centralised management of terminals, cybersecurity and compliance.
✅ Benefits :
❌ Disadvantages:
This strategy is ideal for companies that prioritise security and control, and are prepared to invest in the infrastructure needed to manage a homogeneous fleet of devices.
A second terminal provision strategy is where employees provide their own devices.
This is the BYOD (Bring Your Own Device) policy, which allows employees to use their own personal electronic devices (such as smartphones, tablets and laptops) to carry out work-related tasks.
This policy implies that the device is the sole responsibility of the employee: it is the employee who is responsible for their personal data and back-ups, and it is the employee who is responsible for replacing or repairing the phone if necessary, which can have a negative impact on service continuity depending on their responsiveness. To compensate for this, some companies offer to cover part of the cost of repairs.
Cybersecurity is also difficult to guarantee in a BYOD strategy, since it too is the responsibility of the employee. However, UEM and MTD solutions make it possible to secure professional use of these devices.
✅ Advantages of BYOD :
❌ Disadvantages of BYOD :
In Corporate Owned Devices strategies, the company provides mobile devices (smartphones, tablets, laptops, etc.) according to employee profiles (for example, an iPhone for a salesperson, a rugged phone for the field, the warehouse, etc.).
Personal use is formally prohibited (in the case of COBO (Corporate Owned, Business Only)) or authorised on a restricted basis (in the case of COPE (Corporate Owned, Personally Enabled)).
In the COBO model, the company has total control over the devices, which are strictly intended for professional use.
Personal use is completely excluded in this context, the devices are enrolled in MDM, EMM or UEM software, and the company can delete all the data if necessary (loss, theft, return).
Read the article : ‘Enrolment, Zero Touch, MDM... a glossary of mobile security terms ’
The COBO model corresponds to the highest level of control, because the devices are entirely controlled by the company. This involves centralised management of the IT estate and updates (OS and applications), complete encryption of devices, strict restrictions on the installation of applications and access to data, as well as constant monitoring of security threats (with MTD software) and, for certain devices such as laptops, the installation of firewalls and antivirus software to ensure complete protection of the company's data.
In concrete terms : application downloads via the Google Play Store are blocked, the use of a personal Google Drive account is blocked, and so on. In short, users have (virtually) no way of using their work mobile for personal purposes.
✅ Advantages of COBO :
❌ Disadvantages of COBO :
In this configuration too, companies choose, acquire and configure their employees' IT equipment. The terminals are enrolled in MDM, EMM or UEM software and are the entire responsibility of the company. In particular, the company is responsible for replacing or repairing terminals in the event of breakdown, breakage or theft, and can delete all data if necessary.
Unlike the COBO policy, in this configuration employees have the right to use the Google Play Store or App Store and download applications, whether for personal or professional use. However, the company can prohibit and block the use of specific applications.
This is the most common and comfortable case for the company: the mobile device remains the property and responsibility of the company, and the latter has the right to delete the data in case of need (theft, loss, return,…). Since personal use is permitted, it is the responsibility of the employee to save his or her personal data. The downside here is, however, that the mix of personal and business data implies that data backups necessarily incorporate business data.
In the COPE model, although the company controls the device, measures are necessary to protect employees' privacy. The implementation of VPNs, data encryption and rigorous access management are crucial. The company must also ensure that security updates are applied regularly and monitor devices for suspicious activity.
✅ Advantages of COPE :
❌ Disadvantages of COPE :
In this configuration too, companies choose, acquire (or rent) and configure their employees' IT equipment. The terminals are enrolled in MDM, EMM or UEM software and are the sole responsibility of the company. In particular, the company is responsible for replacing or repairing terminals in the event of breakdown, breakage or theft, and can delete all data if necessary.
With WPoCoD, companies provide employees with devices and can configure a work profile on these devices to secure and separate work data from personal data.
This configuration allows organisations to retain ownership of devices and assign corporate policies to devices, while preserving the privacy of employees who can safely use these devices for personal activities without compromising their confidentiality.
Companies can apply selected policies to the whole device (such as wiping data from the device, USB blocking) and restrictions to the personal profile (such as blocking certain applications), but personal applications, data and usage are not accessible to organisations.
✅ Advantages of WPoCoD :
❌ Disadvantages of WPoCoD :
It is sometimes necessary to retain total control over mobile terminals and operate them in a very restricted mode: kiosk mode (or COSU) is precisely designed to lock down the use of devices, making it possible both to secure business data and to control access rights.
The COSU configuration corresponds to a configuration in which so-called ‘dedicated’ devices are supplied and fully managed by the company and serve a specific, generally unique, professional use, for example :
By activating kiosk mode, access to mobile terminals will be limited to applications authorised by the administrator only, and users will not be able to perform any actions other than those predefined. The administrator configures a personalised desktop adapted to each type of usage scenario.
Furthermore, as devices used in kiosk mode are devices that can be left unsupervised or used for critical tasks, it is essential to secure them in a robust and strategic way.
In addition, to prevent misuse, dedicated devices are fully managed and owned by the administrator, who usually also manages the users.
In a COSU configuration, in kiosk mode, companies choose, acquire or rent and configure employees' IT equipment. The devices are enrolled in MDM, EMM or UEM software and are the sole responsibility of the company. The company is responsible for replacing or repairing terminals in the event of breakdown, breakage or theft, and can delete all data if necessary.
✅ Advantages of COSU :
❌ Disadvantages of COSU :
Under the BYOD (Bring Your Own Device) policy, employees use their own personal electronic devices (such as smartphones, tablets and laptops) to carry out work-related tasks.
This policy implies that the device is the sole responsibility of the employee: it is the employee who is responsible for their personal data and back-ups, and it is the employee who is responsible for replacing or repairing the phone if necessary, which can have a negative impact on service continuity depending on their responsiveness.
However, the company implements security measures and management software to secure business data while respecting employees' privacy.
In the case of BYOD, the company does not supply the device, but instead provides a business SIM card to the employee, who uses it in his or her personal phone. The device is registered in the company's MDM. The company can then create a business partition on the personal mobile device, into which business applications, among other things, can be downloaded.
Here, employees are responsible for their own updates (system and applications). But they often fail to do so, leaving the device vulnerable to threats.
In this case, the MDM can only be used on the professional side. The company will be able to delete the data on the professional side (Office suite or Google suite, for example), but there is no guarantee that the employee has not opened their professional e-mails via a ‘personal’ web browser instead of the dedicated application, or that they have not downloaded attachments to the personal side of the phone.
The separation between the professional and personal parts can therefore easily be breached, putting the company's cyber security at risk. Setting up other solutions (conditional access, ZTNA, etc.) can prevent users from accessing their professional data from the personal part of their equipment.
Software such as Lookout, for example, can be used to manage device compliance by taking into account both the professional and personal aspects. In this way, a device that has a non-compliant application on its personal side will be treated as ‘at risk’ and may be blocked on its business side.
The principle of BYOD is therefore simple on paper, but its implementation and day-to-day management are often more complex than they appear. From a cyber security point of view, the threats and risks involved are significant.
✅ Advantages of BYOD :
❌ Disadvantages of BYOD :
⚠️ Dangers of BYOD :
Julien, co-founder of bconnex and a former CIO, explains: ‘BYOD brings real flexibility to businesses. But it also brings its share of problems for fleet managers’. He adds: ‘In theory, BYOD is magic. But only in theory. Fortunately, technical solutions exist to limit the risks and complexities.
For example, some employees will not want to use the e-mail application provided by the company, but rather the ‘personal’ application they use on a daily basis, which they know better, and which they prefer to use even for professional purposes.
Also, not all solutions are compatible with all devices or all OSes, which will bring another set of exceptions and potential problems.
BYOD then requires a fleet manager and/or a support team to be available to assist employees on a daily basis with all these ‘exceptions’, which quickly becomes time-consuming and uneconomical in the long term.
Of course, we can't recommend that you avoid BYOD at all costs and leave yourself hanging when it comes to managing your mobile fleet. Because that's exactly why we created MobileHub, an interconnected platform for managing your IT fleet efficiently and headache-free, whatever method you choose, and why we offer a range of complementary services.
IT security is a central aspect of mobile fleet management and must also be taken into account when choosing your management model. This is another point that prompts us to recommend that you provide your employees with IT devices, and thus avoid BYOD.
Users rarely separate their professional and personal lives on their IT equipment (smartphones, tablets, laptops, etc.), and this is even truer in the case of BYOD. However, the COBO, COPE and CYOD models enable companies to control the protection and deletion of device data.
This applies not only in the event of theft or loss of the device, but also when employees leave.
Because when an employee leaves your company, what happens to the company data on their personal device? What guarantee do you have that the employee has actually deleted the company data when they leave, and that they have done so correctly ?
What's more, with the development of teleworking and hybrid working, your employees are probably only allowed to work from their work computer and probably only allowed to connect via a secure connection (VPN). Why would they use their personal smartphone or tablet alongside their work computer ?
The bottom line is that you should be able to guarantee the security of company data, whatever the mobile device and whatever the situation, and the best strategies for this are those of Corporate Owned Devices...
Read the article ‘A practical guide to securing your mobile fleet’.
The separation of professional and personal spheres and the disconnection outside work have become central concerns for employees. Some employees also question the security of their personal data in case of BYOD.
So why not make two shots in one stone by providing your employees with professional IT equipment? 😊
💡 For example : the provision of equipment by the company associated with a WPoCoD strategy brings many advantages and quite few disadvantages. Indeed, the professional/personal separation is present and security can be ensured in a complete way. For the greater well-being of employees, some solutions even allow to completely deactivate the professional part outside working hours.
There are several possibilities for organizations, whether in terms of IT terminals and mobile devices supply strategy or in terms of «technical» equipment management strategy.
The decision to adopt a COBO, COPE, WPoCoD, COSU, BYOD or CYOD strategy must be based on an in-depth analysis of the company’s specific needs in terms of cybersecurity, cost management and employee preferences.
Choosing the right mobile fleet management strategy for an organization requires a holistic view of the entire terminal life cycle and its related internal needs.
You would like to be accompanied in choosing the management model that best suits you?
Contact us! 👇🏻
