Mobile Deployment Models – SY0-601 CompTIA Security+ : 3.5

There are a number of different options available when deploying mobile devices. In this video, you’ll learn about BYOD, COPE, corporate-owned, and VDI/VMI deployments.


The first type of mobile deployment we’ll discuss in this video is bring your own device you may see this also referred to as bring your own technology. This is when you are bringing your own personal smartphone or your own personal tablet to work, and we’re using that tablet for both personal use and for corporate use. There are obviously some security challenges with having a single device that stores both personal information and corporate information. The data that’s stored on this device needs to be protected not only for your personal data, but for your corporate data as well. And there probably needs to be a way to differentiate between what is personal and what is corporate.

We also have to think about the security when we sell our phone or trade in our phone for a newer model. This is something the security administrator usually manages through the use of an MDM, or a Mobile Device Manager. A similar deployment type is one called COPE. This is corporate owned but personally enabled. You’re still using the same single device for both corporate use and personal use, but instead of you purchasing a device and bringing it to work, your office is purchasing the device and letting you use it. This means you’ll use it as a corporate device and a personal device, but you only have to carry around one device.

Since the smartphone or the tablet is owned by the company, they have full control of everything that goes onto this device. This is very similar to a laptop or a desktop that’s assigned to you by your company. These are usually administered from your mobile device manager, so everything on this device is controlled by the organization, and they can decide what information is stored on the device, and what information can be deleted.

A similar deployment type to cope is the CYOD, or choose your own device. This is very similar to COPE where the organization chooses what device you’re going to carry around. With CYOD, you get to decide the device that you’re going to use, and then the organization purchases that device for you.

On those previous deployments, we used a single device, and that single device could be used for personal use or for corporate use. But there are times when you don’t want to have a single device used for both of those situations. One of these deployments would be something like a corporate owned deployment where the organization owns the device and you can’t use it for personal use. If you need your own smartphone for personal use, then you’ll need to purchase one yourself and carry around both your personal smartphone and your corporate owned smartphone. This is probably not the most common deployment type, but it might be the standard type used if your organization has a lot of data that they want to keep private, and they want to avoid having your personal data on these same devices.

Another mobile deployment type separates the data from the device. This would be VDI or VMI. That stands for Virtual Desktop Infrastructure, or Virtual Mobile Infrastructure. With VDI and VMI, you can separate both your applications and the data from the mobile device and have all of that information stored somewhere else. This would keep all of the data and app stored external from your mobile device and you would simply access all of those applications and data using some type of remote access software.

This means that all of your data is stored securely and separate from your mobile device, which means if you lose your mobile device, you’re not losing any of that data. You can easily replace the mobile device and simply reconnect to that data store that’s located somewhere else. This model works very well for the application developer, because they can build an app based on a single type of platform. This would be the VDI or VMI platform.

All of these devices that you’re using are simply connecting in usually through a remote desktop type of configuration and running the applications from there. This also makes it easier to manage the applications. You don’t have to worry about deploying new apps to everyone’s mobile phone. Instead, you would update a single application store at the VDI or VMI management server itself, and all of the devices connecting in are now using the new software.