And that's where Corporate-Owned, Personal Use comes in. That's a policy that lets employees do personal stuff on the devices you supply to them.
What matters more than who's supplying the device, says Domingo Guerra, co-founder of Appthority, is who has the right to control what goes on the device -- like public apps, which can create security problems that wouldn't be issues on a completely personal device.
"It used to be that the company was the gatekeeper as to what software came into the enterprise," he says. "As users we didn't have admin rights."
Some apps that employees will want to put onto a phone -- ones that seem safe -- will create issues for a company, especially one that deals with compliance issues. Apps that read the phone's address book and stores files directly in secure public clouds are going to be a problem.
A solution – for COPE and BYOD – is for a company to identify apps that present risk rather than keeping a manual list of apps that are OK (that would be a herculean task, says Guerra). Companies can also identify a range of third part apps in specific areas where employees are already looking, like productivity, expense reports and note taking, and then present that list to employees. Not only does that save employees time in trying to find the right tool, but it also lets the company keep data safe.
"We don't have to be afraid of the apps out there," Guerra says. The question instead is "how can we enable a safe environment?"
The hybrid approach
This is what Johnson says will be the future: not quite BYOD, not quite COBO, not quite COPE, but a mix that will work per employer and sometimes per employee.
"A majority of employees want to use one device and carry one device wherever they go," he says. For those employees, a company can "install a solution that keeps data off a device and allows them to have a clean separation between their data and company data."
That won't work for everyone, especially those who travel and need full access to company data in order to their jobs. One example: a controller who "is on the road and needs access to financial systems," he says.
That employee will need a COBO device, but also may have a solution added to a personal phone so that a company can still call outside of work hours. That personal phone may also have a solution added to it that allows the employee to look at email and a calendar without having to pull out the work phone.
Sign up for CIO Asia eNewsletters.