Mobile Device Deployment Models – CompTIA Security+ SY0-501 – 2.5

Every organization has a different strategy for deploying their mobile devices. In this video, you’ll learn about the most popular mobile device deployment models.

<< Previous Video: Mobile Device Enforcement Next: Secure Protocols >>


One very common way of deploying mobile devices is to use BYOD. It stands for bring your own device. You may see this also referred to as bring your own technology. This is the employee bringing their own personal phone into the workplace and using that for corporate use and for private use simultaneously. Usually this device has to at least meet the minimum requirements, so there may be limitations on the type of device or the operating system that the person can use when they bring their own device.

The challenge you out from a security perspective is that it’s difficult to manage one of these devices because it contains both sensitive corporate data and someone’s personal data at the same time on the same device. There needs to be a method in place to protect both types of data. And then you need to have a policy in place to determine what happens when this old device is traded in when the employee purchases or upgrades to a new phone.

Another type of mobile device deployment is COPE. This is corporate owned, personally enabled. This means that the organization or the corporation purchases the mobile device, and then it’s used both as a corporate device and as a personal device for the end user. The organization is going to maintain full control of the device. Usually it’s managed through a centralized mobile device manager. And the company is going to manage this asset very similar to the way they manage laptops and desktop computers. Anything that is stored on this corporate-owned device is under the purview of the corporation. So any information on any part of the device could technically be deleted at any time by the organization.

There’s another deployment model called CYOD, choose your own device, which is very similar to COPE. But in this case the corporation would provide the end user with a number of different options for a mobile device. And then the end user can decide what type of device they would like the corporation to buy for them.

Another model is the corporate-owned model where the company has purchased the device, they own the device, and they control every bit of content on the device. Unlike the previous models we looked at, the corporate owned model does not have any type of personal use at all enabled on this device. If you need your own device, you’ll need to purchase your own and carry a separate device on your hip. This type of deployment model is obviously one where security is extremely important and they don’t want your personal data mixing with the corporate information. And if your corporate environment requires this high level of security, then the corporate-owned model may be a good option.

An increasingly popular method of mobile application deployment is through VDI and VMI. This stands for virtual desktop infrastructure or virtual mobile infrastructure. In this case, the applications are completely separated from the mobile device that you’re using. All of the data and all of the applications are running on remote servers, and you’re simply using your mobile device as a window into that application. This means that none of the data is going to be stored on your mobile device. It’s all stored in a secure, centralized area. It also means that if you lose the device, the risk is minimized because none of the application or data is going to be lost along with the device.

From a development perspective, all of your application development is all centralized, and you don’t have to write the applications for different platforms. You simply write it for one VMI platform, and anybody accessing it over that VMI infrastructure now has access to the app. The applications are managed from one central source. You don’t have to deploy new application versions on to everybody’s mobile device. And now you have one central and secure place to keep all of your applications and all of your data.