Guide To Mobile Device Management Policy (MDM)

Employees are on the move, and this requires them to have access to mobile devices needed to complete their job. We aim to help answer essential questions when it comes to your organization and managing field devices.

What is BYOD, COPE and COBO?

Organizations today rely heavily on mobile technology to operate successfully. Employees require tools to function, and the most used tool is their mobile devices. Factoring in what policy is best to utilize these devices for productivity and mobile security can cause a headache.

A real-time device management solution is needed to function as an organization as well as a policy to help govern the structure of that solution. The three main policy strategies are:

  • Bring Your Own Device (BYOD)
  • Company Owned/Business Only (COBO).
  • Company Owned/Personally Enabled (COPE)
A bunch of electronic devices around a table with a overlay of a network displaying cyber security

What MDM solution is best?

Finding out which device policy works best for your organization and for the sanity of your employees can be difficult as each option has different pros and cons. Managing the scope of devices needed is crucial as they can include anything from phones, tablets and laptops.

Most companies that are looking into implementing an MDM solution already have a bring your own device policy in place without formalizing it. Keep in mind there are many variations to these policies and that what I outline might not perfectly match other organizations’ implementations of device policy.

Bring Your Own Device

When choosing a bring your own device policy, your organization saves costs as the employee is responsible for the phone and the mobility service (which organizations subsidize based on work use).

The benefit of this scenario is that the user is familiar with their own device. In this use case, the user only has their organization’s email account on the device. The user will only be using apps that can be found on the play store or app store.

Now, if your company has invested in a mobile application that your employees must use then, BYOD becomes a more significant security threat. IT Partners recommends that if you do implement a BYOD device policy, make sure that your employees’ device has minimal interaction with your company. A good rule is that corporate network access is not available from the device natively.

Big text spelling BYOD with a man on his phone and a girl on his laptop
Business man using his company phone while also looking at his company computer

Company Owned/Business Only

An excellent example of a COBO use case would be companies that use an android or IOS device with a scanner attachment for shipping and receiving packages. These devices implement custom applications that are tied directly to corporate networks. 

An example of a threat would be a simple phishing email that could upload ransomware and infect the entire system just because an employee has his personal email account on the device. COBO creates an environment where the device can only do what is required for their job.

COBO does have the restriction that the device should not be used for personal activities. Thus, requiring the user to carry around more than one device as they will need a device for work and for personal use.

Company Owned/Personally Enabled

More organizational access to the device has the added benefit of more significant support. When implementing a COPE strategy, the aim is to help your employees’ sanity by having them not carry around two devices with them all the time. One popular variation of COPE includes having multiple users on a single machine as long as the device’s software support this functionality.

The main benefit of a COPE policy is controlling what device is implemented. This means less variability in device features and functionality. The employee will no longer have a choice of what phone they can use. A COPE strategy can sometimes have the employee just having two devices anyways, especially if the user is uncomfortable with using a different operating system than what the COPE policy offers.

Keeping all these factors in mind is essential when choosing an MDM policy that works for your organization.


How does mobile device management work (MDM)?

The answer to how an MDM works is quite simple. Think of it as an application (sometimes it is) installed onto devices that give remote access to control applications, monitor data breaches, secure devices and a host of other features.

MDM monitoring is where a lot of the benefits show their capabilities. Having a monitoring ability that allows you to know precisely when and where malware was detected helps stop the spread, quarantine the phone and protect your corporate networks. The main difference between COPE and BYOD is the level of security that you can implement and monitor that can be installed.

The ability to monitor which apps are being used through MDM software helps with implementing safer security systems and more encompassing asset management. Assets are often seen as the physical device; however, you also need to consider the software assets and mobile apps assets (Often in the form of licensing).

How do you make sure you are Protected?

We here at IT Partners use a unified endpoint management tool from IBM with the power of AI through Watson. This includes MDM service but also helps with productivity and security solutions for the following:

  • Mobile threat Defense
  • Mobile Application security
  • Apple device Management
  • Android device management
  • Windows device management

With our management of IBM’s offering, we are then able to offer a high level of encompassing support for all your companies devices. IBM’s Watson AI adds a level of protection by improved intelligence through solving issues faster than previous MDM solutions.

IBM’s offering is only half of the puzzle, as having managed IT that can implement proper customizations for your needs is equally important. Contact us if you have any questions and concerns about implementing an MDM solution and if you have problems with your existing MDM solutions.

Get Started