Is COPE the answer to the shortcomings of BYOD?
Bring your own device (BYOD) was supposed to be all that a company needed. In an era where mobile devices are in high demand, businesses had to face the reality that employees were bringing their personal smartphones and tablets to work. Their solution was BYOD, an officially sanctioned policy allowing workers to use their personal devices for their jobs. More freedom meant happier, more productive workers, while companies no longer had to worry about the costs of supplying the devices.
All seemed right with the world for a while, but as organisations got more experienced with BYOD, they began to notice several shortcomings of the strategy. Now, some companies have responded to these unforeseen problems by turning to a new mobile device strategy: corporate-owned, personally enabled or COPE. But is COPE truly the right prescription for BYOD’s problems?
Many of the shortcomings associated with BYOD stem from the concerns surrounding security. Businesses that have adopted BYOD policies have a lot to worry about when employees bring in a wide variety of devices, each with its own capabilities, features, and security weak points. It represents an added workload for IT departments that are already stretched thin. Securing corporate data is also more important than ever in the wake of large data breaches like those seen at Target and Home Depot. Many organisations see BYOD as too risky, but a return to the old model of providing the devices felt like a step backwards. The answer in many companies’ minds was to adopt a COPE policy.
Companies should still embrace the innovation that comes from giving employees more freedom
While on the surface COPE may sound similar to the corporate-provided model, the part to focus on is the “personally-enabled” portion of the equation. With COPE, employees are allowed to choose a device from a pool of choices, and once that device is in their possession, the company allows them to utilise it for personal use.
COPE essentially grants more freedom to employees, though not as much as what is seen under a BYOD policy. The IT department still has more control under COPE than BYOD. For one, IT workers can limit the number of devices employees have to choose from. They can also provide a limited list of apps and services that workers can use on their devices. Since the smartphone or tablet is owned by the company, they can also install any type of security program they want. This answers one of the largest problems of BYOD. COPE also helps organisations stay within legal and regulatory parameters. Depending on where the company is located, certain laws may prevent erasing data on a personal device. If the device is owned by the company, however, any wiping is perfectly legal.
COPE certainly sounds like a combination of the best parts of BYOD while still answering some of BYOD’s shortcomings, but is it still the best solution?
Though COPE gives the illusion of freedom, in reality it’s anything but
Part of the issue with COPE is how it reintroduces some of the problems BYOD was able to solve. BYOD is all about freedom, and though COPE gives the illusion of freedom, it is anything but. Yes, employees can pick from a pool of possible devices, but that pool is still limited and might not include the device an employee wants. BYOD also shifts much of the costs to the employee, but COPE once again places those costs back on the company. If anything, it makes the whole matter more complicated as businesses try to figure out how to ensure service plans are properly used and who is responsible if employees go over data limits.
Even the issue of security isn’t fully addressed through COPE. By restricting the types of devices, apps, and services workers can use, they will invariably start bringing in their own smartphones and tablets while also downloading their own apps. This reaction leads to the growth of shadow IT, even if employees aren’t aware they’re breaking the rules in the first place, and shadow IT carries plenty of its own problems organisations need to worry about.
As is often the case, the solution most likely appears in striking a balance between the freedoms of BYOD and the safer security a company is hoping to achieve. If a company does choose to adopt BYOD, a clearly defined BYOD policy should be the first order of business, outlining acceptable behaviours of personal devices and the punishments if those privileges are abused.
Companies should still embrace the innovation that comes from giving employees more freedom and work it into the company culture. Put simply, there’s a lot to be gained from allowing workers to use devices for both their work and personal lives, but finding the right way to harness it could be one of the biggest challenges businesses are facing today.
Interested in hearing industry leaders discuss subjects like this and sharing their use-cases? Attend the co-located IoT Tech Expo, Blockchain Expo, AI & Big Data Expo and Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam and explore the future of enterprise technology.
- » Companies need to disclose their cybersecurity risk to attract investors, study finds
- » Financial services firms rely on BYOD – so how do they stay secure?
- » As user privacy and MDM become more incompatible – the new guide to BYOD vs company devices
- » Using AI to secure the modern world – where enterprises are particularly vulnerable
- » How the CIO can win over the most tech-resistant and tech-reluctant employees