Step One for Addressing Text Message Risk: Device Ownership

This article is an excerpt from 5 Steps to Eradicate Text Messaging Risk.

This guide to building a strong mobile risk management program will let your organization take advantage of text messages for business while enacting and enforcing policies that mitigate risk. You can download the full report here.

Who will own and operate devices used for text communications?

To begin, address how your organization will provide mobile devices that are used for business text messaging. This is important, because your device ownership and billing model will have a significant impact on how your organization implements its mobile and text messaging archiving and compliance plan.

The major categories of device ownership are Bring Your Own Device (BYOD), Choose Your Own Device (CYOD), Corporate-Owned Personally Enabled (COPE), or a combination of these scenarios. Each approach to device ownership has advantages and drawbacks, so there’s no ‘perfect’ solution that suits every organization. Your choice of device ownership should be made based upon the specific needs, objectives, and capabilities of individual user groups within your organization.

Bring Your Own Device

BYOD, also called Bring Your Own Technology or Bring Your Own Phone, is the policy of permitting employees to bring personally owned phones to the workplace, and use them to access privileged company information and applications. BYOD is making significant progress in the business world, with many using their own devices at work, especially in small to medium sized businesses.

  • Advantages: Lower hardware and service costs; increased productivity and easy enablement; fewer or no carrier management requirements; quick to deploy; lower hardware and service costs for the organization.
  • Disadvantages: Security is more difficult to manage and is less centralized compared to CYOD or COPE; no control over a device without a Mobile Device Management solution (see below); takes more work to enforce compliance requirements; may have additional legal and compliance implications and risks.
  • For compliance: BYOD can allow organizations to apply some level of policy and technology to the device for business text messaging use. However, this approach can be limiting to employers if not managed properly, due to restrictions on how much text messaging data can be archived and supervised on employee-owned devices.

    Companies with less involvement in sensitive data management may benefit from the BYOD approach. Small businesses without a significant compliance requirement may find this is the most affordable device ownership option.

Choose Your Own Device

With CYOD programs, an organization provides a predetermined, limited menu of devices that employees can choose from for business use. The organization may also prohibit use of a CYOD device for an employee’s personal purposes (i.e. no personal phone calls, text messages, emails, etc. can be made from the device), although this is relatively uncommon today.

CYOD devices are either paid for/owned by employees, or the organization provides a device stipend to the employee, which allows the employer to retain ownership of the device when an employee replaces a device or leaves the organization. This option is often viewed as a ‘happy medium’ between BYOD and COPE, as it combines the advantages and disadvantages of each approach. Organizations that want the best of BYOD and COPE, but are confident in their ability to manage the risks inherent with CYOD, may benefit from this option.

  • Advantages: CYOD may reduce hardware costs compared to COPE; employees still control many aspects of their devices; IT / support for employees is streamlined since there are fewer types of devices used compared to BYOD; employees potentially only carry one smartphone (if the employer allows personal text messages/communications on the corporate device).
  • Disadvantages: Employees might not like the selection of company-approved devices; the procurement process can be complicated compared to BYOD or COPE; the organization may still have hardware costs; IT must stay up-to-date on new mobile technologies; CYOD can be slower to deploy across a business.
  • For compliance: CYOD provides more latitude for compliance and legal teams to govern data, and apply more policies and technical controls to ensure proper handling of text messages. CYOD also provides other security options for organizations that are concerned about potential BYOD ramifications, which is a key reason CYOD continues to receive attention.
Company Owned Personally Enabled

COPE, which has evolved from the original device supply model called Corporate Owned, Business Only, is a mobile model that puts management in control of devices used by employees for business purposes. An organization provides a device to an employee at the organization’s expense, allowing for complete governance over the device and its data. Employees often have the freedom to use the device for personal reasons, but the work information on the device is managed, and the organization retains ownership of the device. Larger organizations are more likely to use the COPE model, as it exerts the most control over mobility and text communications compared to BYOD and CYOD.

  • Advantages: Allows for work/life communications on a single device; carries the advantages of CYOD, but with more control and authority over devices; has fewer security issues compared to BYOD and CYOD.
  • Disadvantages: The organization must keep pace with current mobile technology; may be slower to deploy and maintain; employees may feel they have less freedom, which could hinder productivity.
  • For compliance: Monitoring and archiving policies for electronic communications, including text messages, are easier to put in place and supervise with COPE. Because of this, COPE is often a top choice for organizations that have rigorous compliance, legal, or security requirements, including financial services, public sector, and healthcare entities.

 
This article is an excerpt from the 5 Steps to Eradicate Text Messaging Risk. Download the full report here.

Share this post!

Smarsh

Get a Quote

Tell us about yourself, and we’ll be in touch right away.

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.

Contact Us

Tell us about yourself, and we’ll be in touch right away.