COBO Mobile Policies
When mobile phones and tablets used for business are stolen, the potential loss extends well beyond the value of these devices. Stored data and worse — access to the enterprise network — are left exposed until the devices are recovered or remotely wiped.
Gaining more control over mobile device usage through a corporate owned, business only (COBO) mobile device policy can help enterprises assume much less risk. With a COBO approach, IT departments and other stakeholders can manage device usage at a high level.
What is COBO?
Under a COBO policy, companies give employees mobile devices that are restricted to business use. COBO is similar to corporate owned, personally enabled (COPE) mobile policies in that the enterprise purchases and supplies workers with mobile devices, but COBO devices are fully controlled by the enterprise.
Unlike COBO, COPE allows for personal use, though the enterprise generally retains control over security settings and often blocks certain content and third-party network connections.
COBO and COPE differ significantly from bring your own device (BYOD) mobile policies, which allow workers to use their personal devices for business purposes.
In comparison, choose your own device (CYOD) mobile policies help enterprises govern the network of connected devices by giving employees a list of approved devices they can use.
COBO pros and cons
The primary pro when it comes to establishing a COBO policy is data and network security.
Enterprises are becoming increasingly concerned about mobile devices used by employees and for good reason. A recent Verizon study found that one in three organizations suffered a compromise due to a mobile device in the preceding year. This alarming statistic is just one example of the risk enterprises face.
It’s no wonder many enterprises are forgoing their BYOD policies in favor of COBO when you look at the data:
70 million cell phones are lost each year, including 4.3 percent of company-issued smartphones
In one study by Bitglass, over half of surveyed organizations lack any visibility into file-sharing apps on BYOD devices and 30 percent have no control over messaging tools
Enterprise mobile phishing increased by 37 percent in Q1 2020 and continues to rise
In a 2019 study, 24 percent of enterprise mobile endpoints were exposed to device threats and 19 percent experienced network-based attacks
On the flip side, there are a few potential cons to take into account when developing a COBO policy. Chief among these concerns is the initial financial outlay. There’s no way around it — implementing a COBO program is costly. However, other models such as BYOD aren’t likely to save money in the long run.
Oxford Economics determined that BYOD results in a roughly 11 percent savings for a 10,000-employee enterprise. The economic forecasting company reports that BYOD organizations spend almost as much on employee mobile stipends as COBO and COPE organizations. Mobile device management (MDM) overhead and software costs are nearly the same.
Human resources considerations
Many job seekers consider a corporate-issued mobile device a perk. This is a good factor of the mobile policy to consider when recruiting candidates.
COBO and COPE devices must be handled with care when employees leave the company. Enterprises need to protect company information from being lost or transferred to competitors when employees move on, says M. Victor Janulaitis, CEO of Janco Associates, an international IT and business infrastructure consulting firm.
“Contact information is especially vulnerable,” Janulaitis says.
The most pressing legal issues related to enterprise mobile device policies fall under a single umbrella: privacy.
Consider privacy from the perspective of the enterprise and the employee. On one hand, companies with COBO policies will likely find it easier to stay in compliance with data privacy protection regulations, such as GDPR and the CCPA. On the other, employee privacy is a concern. Enterprises must adhere to a variety of regulations related to employee monitoring, even when they are using company-issued mobile devices.
Another consideration is records management. Janulaitis recommends keeping a tight handle on data, including retention and destruction. He notes that should a lawsuit come to light, data requested by the courts could be lost or unavailable in its original form if COBO devices are mismanaged.
Enterprises are prioritizing mobility and embracing COBO policies across industries. Many are outsourcing some of the oversight of these policies to enterprise mobility management (EMM) companies. EMM services and technologies secure corporate data on corporate-issued mobile devices, which can free up IT staff for other priorities.
The growing number of enterprises launching COBO programs is a reflection of a growing remote workforce. Mobile workers will soon account for nearly 60 percent of the total U.S. workforce, according to the 2020-2024 forecast by International Data Corporation (IDC). This figure underscores the importance of gaining or retaining control over employee mobile usage.
COBO policy basics
COBO policy specifics are unique to every enterprise, but there are several core features common to most:
Guidelines for acceptable and unacceptable mobile use
A responsive plan to handle the loss or theft of devices
Information about data usage: how the enterprise will monitor employees and what data they may review
Best practices for mobile device usage that mesh with existing corporate policies related to mobile and remote work from other devices
Once you draft your COBO policy, it’s not time to file it away and forget about it. You’ll need to periodically update your policy as data regulations and technology evolve.
Be sure to keep employees informed about any changes to your COBO policy and include the guidelines in onboarding new hires. With careful planning, your COBO policy will protect your data and help your company manage an ever-expanding mobile workforce.