CYOD or BYOD: A growing cybersecurity choice

Time to dump BYOD in favor of CYOD? 

As malicious hackers step up their attacks against mobile platforms, enterprises may want to re-examine whether there’s a better way to protect the security of their mobile users.  

One idea is CYOD, short for Choose Your Own Device. This is essentially an updated variation on the Bring Your Own Device (BYOD) theme  but in this case, employees get to choose their devices from a preapproved list.   

CYOD puts more of the purchase decision into the hands of the organization. In theory, the change means that IT will be able to buy devices that are more closely aligned to the organization’s workflow and processes  and presumably, also easier to support. 

Above all, CYOD offers big security benefits, as it's much easier for IT to manage and support the devices compared to BYODs. 

The BYOD experience of the last several years — replete with incidents of data leakage, unauthorized access to company data, and systems and employees downloading unsafe apps and content — has left IT executives understandably uneasy about the security implications of continuing to let employees use their personal devices for work. 

Moving to a CYOD regime would mean that management can limit employee access to certain apps and even certain functions. And instead of burdening users with the responsibility to install anti-virus software, administrators would be able to take the lead in highly securing the devices and enforcing policy-based administrative controls and network settings in a more centralized fashion. 

CYOD further eases the job of distributing software updates. Unlike BYOD, where there may be many different operating systems to manage, IT only needs to manage a narrower list of approved devices that run a handful of standardized environments. 

The CYOD approach, which has been around for a few years, is predictably resonating in certain quarters. About three-quarters of the 700 IT decision-makers surveyed by IDC said their organizations offered  or planned to offer  CYOD programs for their employees. They also noted that BYOD programs “are both difficult to manage and to secure.” 

Split decision 

At the same time, CYOD doesn’t come without certain downsides. For instance, employers risk incurring the wrath of their workforce, upset about losing a perkIn a worst-case scenario, it could hurt morale and even dampen productivity gains. 

Meanwhile, CYOD makes the corporation responsible for buying the devices as well as for providing security management. So while a CYOD model may help increase security, the organization winds up paying the full tab. 

Lastly, inventory refreshes may not keep pace with the latest developments in the market, leaving users stuck with older technology.   

Security practitioners are understandably tired of playing constant defense. CYOD at least holds out a promise of strengthening mobile security. After years scrambling to keep order in the often-messy BYOD era, maybe it's time to try another way. 


Charles Cooper has covered technology and business for the past three decades. All opinions expressed are his own. AT&T has sponsored this blog post. 

Copyright © 2017 IDG Communications, Inc.