Enterprise Enrollment: What’s the Right Approach for You?
What’s Your Enterprise Enrollment Strategy?
Enterprise mobility is on the rise — and has been for a few years. While only 26% of U.S. companies provide their workers with a mobile device, that number is expected to increase alongside the bring-your-own-device (BYOD) trend. For the latter, more than 70% of companies are at a point where a BYOD policy is available to all or some employees according to a survey conducted by Tenable and LinkedIn.
As more and more companies make mobile devices available to their employees and the opportunity for a BYOD policy increases, so too does the need to better understand, control, and manage how those devices are being used. With more mobile devices in play in a professional environment comes greater security, operational, and financial risks. This is where unified endpoint management (UEM) comes into play.
UEM is a single solution for managing all of the various aspects of a mobility program. This includes hardware, software, and support services centralized through a single platform (and ideally, a single provider) to simplify the otherwise burdensome responsibility of managing enterprise mobility. But there is an important decision in any mobility program that must be addressed up front, as it impacts nearly every aspect of the program once made.
That decision is how to handle enterprise enrollment. This covers how devices are enrolled into an organization’s mobility program, including how applications are downloaded, installed, and used and how data moves to and from those devices. While it’s not always black and white, there are two high-level options: company-provided devices and user-provided devices (i.e., BYOD). Below, we’ll explore some of the pros and cons of these two options.
Enterprise Enrollment: Company-Provided Mobility
When enterprise enrollment is managed by the organization (i.e., the IT or information security team), it provides a greater level of overall control in several areas. First, devices themselves — whether phones, tablets, or computers — are almost always provided by the organization. This ensures uniformity of operating systems and device types. And because the company provided the device, they have significantly more control over how it will be set up and used.
This is particularly important when it comes to enterprise data. Depending on how your organization is set up and how customer/internal data moves from application to application, a company-managed enrollment program can be structured to limit access to certain applications, sites, and so on. Company-managed enrollment also protects individual data assets themselves, such as email attachments, site downloads, and more. This data can be encrypted to prevent it from being accessed by external sources or on non-company devices.
When employees leave the company, their devices are returned to ensure no data is taken or stolen and that the device can be prepared for a new hire. Access to key applications, sites, and other data can be immediately removed to prevent any issues. These measures protect valuable intellectual property, customer data, employee communications, and other records.
While company-managed enterprise enrollment allows greater control over a mobility program and its assets, it does come with some downsides. Since devices are being provided by the company, the costs of researching, purchasing, configuring, deploying, and managing such a program will be significant. This is often why many organizations consider leasing enterprise hardware rather than purchasing it outright, or why they opt for a BYOD policy instead.
Obtaining the devices is also itself a significant undertaking. They must be researched, tested, eventually purchased, and then rolled out strategically throughout the organization. Depending on the size of the organization, this process can take anywhere from weeks (for more streamlined programs) to several months (where delays or planning problems may have occurred). Whether an enterprise enrollment proceeds smoothly will depend on the amount of preparation and internal alignment completed ahead of time.
Additionally, if devices are being provided and enrolled by the organization, this puts the onus for maintenance and support on the company. Whereas a BYOD policy may require employees to keep their devices in good working order to be used for professional purposes, a company-provided mobility program will require support from internal teams. If such a team doesn’t exist, or if existing teams don’t have the capacity to provide it, this will add hiring and training costs to the program.
Note that a COPE (company-owned, personally-enabled) policy faces many of these same challenges, as the devices are owned by the company yet used for personal matters by the employee. It requires a looser grasp on the device from IT while restricting certain activities or apps that employees can use. However, devices must still be purchased and monitored.
Enterprise Enrollment: User-Provided Mobility
When individual employees provide their own devices through a BYOD policy, this removes the need for the organization to invest in and roll out a large-scale hardware program, saving significant resources and time. Employees using appropriate devices can simply download the applications and information they need to do their jobs. This also lifts some of the responsibility for support off of IT and other departments, as non-business-related in application issues won’t be the responsibility of those teams. If the device is damaged, the company won’t be required to replace it.
Another benefit here is that data can still be removed from the device once an employee leaves. In an enterprise enrollment using BYOD, the employee receives access to data based on their credentials for accessing business applications. When the employee leaves, their access is terminated. While the application might remain on the device, its data can be removed or access to it can be revoked to prevent any issues after the employee’s departure.
While a BYOD policy saves the organization a fair amount of time and resources, there is the issue of configuration and support. With the sheer number of mobile devices and operating system versions available, it will be next to impossible to ensure that the applications employees need can operate on all devices and OS versions. Significant testing would be needed, and any issues due to device or OS might not be caught as easily as they would if all employees were using the same device or a smaller number of device types.
With a BYOD policy also comes an unavoidable reduction in the amount of control an organization will have over devices and data. While access to data can be restricted through different measures, there are still more opportunities for that data to be put at risk — whether unintentionally or through some malicious intent. It will be important for organizations managing enterprise enrollment on personal devices to ensure they’re following the most up-to-date security standards and best practices to prevent any incidents from occurring.
Get Expert Guidance for Your Enterprise Enrollment Needs
Enterprise enrollment is an important decision, and not one to be made lightly. Don’t invest the time into researching these options when TRG can help you determine the right one for your goals. Our expert team has been helping companies with their enterprise mobility and UEM strategies for years. Put our expertise to work for your organization. Fill out the form below to get in touch with our UEM team today to learn which option is the best for you.