Anyone researching enterprise mobility will eventually run into the terms BYOD, CYOD, COPE, and COBO (plus a few more). The acronyms themselves are easy: BYOD is Bring Your Own Device; CYOD is Choose Your Own Device; COPE is Company Owned/Personally Enabled; and COBO is Company Owned/Business Only. Beyond that, there’s little agreement on what they mean.

In the long run, it doesn’t matter which term you use — they’re all ingredients in the acronym soup that surrounds enterprise mobility. What does matter is that you are clear on what it means to you, your users and your company.

Usually, when comparing definitions, there’s a spectrum ranging from a very “laissez-faire” approach — as in, “we don’t have a mobility policy” — through basic IT integration and access via a smartphone (BYOD and CYOD), to more intense integration and control using a company-owned and company-controlled device (COPE and COBO).

Setting and defining terms

To create your own mobile program definition, whether you call it BYOD, CYOD, COPE, COBO or something else, you’ll want to explicitly describe three important elements:

  • The device: what is it, who picks it, and who pays for the device and cellular connectivity service?
  • Management and support: who manages the device and is responsible for support?
  • Integration and applications: how closely integrated and important is the device with everyday business workflows?

Shop special offers

Find out about offers on the latest Samsung technology.

see deals

Speak to a solutions expert

Get expert advice from a solutions consultant.

Talk to an expert

1. Start with the device: When building your own program and definitions, begin with the device. Are you talking about just smartphones and tablets? Or does this include laptops and other devices, such as wearables? Who gets to pick which devices are part of the program? And, importantly, be sure to agree on who pays for the device and any monthly connectivity plans. Your answers to these questions may drive you to one of the acronyms, but it’s more important to answer these questions than to pick exactly the right acronym for your program. At one end is an “anything goes” approach to mobile devices; at the other end is a much more controlled set of choices, usually with corresponding financial commitment from the company.

2. Move to management and support: Next, describe who controls the device and who is responsible for support. One option is minimalist: the touch on the device (and its support) is barely there, if at all. If a mobile device management (MDM) or enterprise mobility management (EMM) agent is installed on the device and corporate IT sets extensive and restrictive policies, that’s more maximalist, with strong controls and, usually, equally strong support.

3. Describe integration and applications: Finally, be explicit about how tightly the device is integrated into the network and which corporate applications are running — as well as any personal application restrictions. When the device only has basic collaboration tools — things like email and audio/video conferencing — that’s one end of the spectrum. If the organization has applications specifically designed for mobile devices, expects them to be part of the daily workflow and connects them directly to the network, that’s a heavier commitment to mobility, which comes with greater resources and greater opportunity to leverage the value of devices in the hands of mobile workers.

CYOD vs. BYOD

Each of the three elements sits on a spectrum, and often, correlations can be drawn. In other words, if you’re tightly integrating the device into everyday workflows by writing applications and connecting it directly to the corporate network, then usually that matches up with equally tight management and support. This, in turn, often means the company will decide to take on all or most of the device and monthly connectivity costs.

To put it another way, an increase in IT system integration and access has to be balanced with a reduction in the risk created by having unmanaged mobile devices connect to your network. That turns into tighter management and fewer device options for end users, which is where CYOD or COBO comes in. BYOD, on the other hand, generally gives users more freedom but creates greater risk for the business. Companies with BYOD policies may have looser device management and support but balance that by limiting network access and putting less emphasis on company-owned applications.

Plan a successful CYOD program

icon of a document
White Paper

Download our comprehensive 8-step guide to planning and deploying a CYOD initiative at your company. Download Now

If you find that you’re creating a program where pieces sit at very different ends of the spectrum, then you may want to reconsider whether things are properly aligned. For example, if mobility is key to your business and you’ve invested in application development, then you probably also want to make an investment in a good MDM/EMM solution to be sure that devices do not represent an uncontrolled risk to security. Don’t have a corporate-issued device program with BYOD benefits — or vice versa.

What are COPE and COBO?

COPE programs — almost always focused on smartphones — recognize that no one wants to carry two smartphones with them. Companies provide smartphones primarily for work use, but basic functions such as voice calls, messaging and personal applications are allowed, with some controls on usage and flexibility. COPE is used to describe a mobility program where the balance is weighted towards the business’s needs for applications, integration and security, and the end user is allowed to use the device for nonbusiness functions as well. COPE programs should use containerization tools, such as the Work Profile in Android Enterprise or the Samsung Knox platform, to maintain a separation between personal and work data and applications.

COBO takes things even further by outright prohibiting personal use of a mobile device. COBO could be used to describe a device running only a single application, such as an inventory system with an embedded barcode scanner. Or it could just be a smartphone where policy prohibits personal use, such as in highly regulated industries.

At the end of the day, whether you choose to use BYOD, CYOD or something else, the acronym describing your program isn’t as important as choosing the proper balance between the various elements. Your goal should be to match the level of investment in applications, support and devices. Once you do that, you can call it whatever you want.

Learn more about how Samsung Knox secures your company’s phones — no matter which policy you choose to go with. Need help with your mobile strategy? Get a comprehensive guide to planning a CYOD mobile initiative from start to finish.

Posts By

Joel Snyder

Joel Snyder, Ph.D., is a senior IT consultant with 30 years of practice. An internationally recognized expert in the areas of security, messaging and networks, Snyder is a popular speaker and author and is known for his unbiased and comprehensive tests of security and networking products. His clients include major organizations on six continents.

View more posts by Joel Snyder