For years, enterprises have been caught in a tug of war with employees over the use of smartphones at work. If employees want the latest smartphone and tablet, should they buy it themselves, or does the enterprise need to exert more control over who accesses enterprise data and how?
The former – Bring Your Own Device – gained a lot of traction. But some enterprises are recognising that they may have been wrong and would be better off owning the device. COPE (Corporate-Owned, Personally Enabled) is an attempt to rein in some control.
The mobile enterprises
IDC forecasts that 75% of Europe’s workforce will be mobile by 2018 and 72% of the total US workforce by 2020. IT departments and telecoms procurement have been trying to unleash mobile data apps as part of digital transformation while addressing security, compliance and budgetary demands.
"Mobility has become synonymous with productivity both inside and outside the workplace, and the mass adoption of mobile technology in the United States has cultivated an environment where workers expect to leverage mobile technology at work," explained Bryan Bassett, research analyst, Mobile Enterprise Device Solutions at IDC.
Despite COPE becoming a viable strategy for many enterprises, BYOD has not lost its shine. By 2020, for example, nearly half of the smartphones sold annually in North America will be personally-owned and used for business purposes at some level, according to Andrew Brown, Executive Director of Enterprise Research at Strategy Analytics. “Cost savings and allowing users their own device choice are the top reasons employees are allowed to purchase and use their own mobile devices,” he said. “BYOD volume will continue to account for the majority of the global business smartphone devices into the future, although corporate liable volume will grow over the next couple of years at nearly a double digit growth rate,” added Brown.
The many routes available
Today, there are a number of flavors of BYOD to choose from. The first, unrestricted, unsupported BYOD, allows employees within an enterprise to use their own notebooks, tablets, smartphones, or other devices for work purposes. It is not generally recommended, as it is essentially unmanaged and exposed to hacks and data leakage. The second, unrestricted, supported BYOD, lets employees use their own devices for work, with support from the enterprise. Finally, restricted and supported BYOD allows employees to use their own devices for work, as long as they are on a list of approved devices the enterprise will support.
COPE takes a slightly different tack. Here, the device is the property of the enterprise, but the employee is allowed to use the device for personal activities. For many it runs a happy medium between BYOD, which some enterprises see as a risk, and the inflexibility of dictatorial technology provisioning, where employees are told to use what they are given.
BYOD can leave IT departments with a complex mix of applications, services and devices to control, making compliance and data security a major challenge. COPE looks to overcome these hurdles by making it easier for IT to secure and monitor devices because they are enterprise-owned. With BYOD, the IT department has to create a container or dual-persona setup on the device, made up of one part for IT to manage and another part for the user to manage. COPE, however, allows the IT department to build space on a fully managed device for the employee’s personal use, which in essence is simpler and easier to manage. But there are privacy issues to contend with. The COPE model is built on trust: employees need to be reassured that their personal data is not being snooped on.
Savings to be made
Yes, embracing BYOD can result in cost savings by shifting the cost of ownership to the employee. There is no learning curve and training isn’t required, plus employees will pay to update their own devices. But it isn’t always as black and white as it first looks. Enterprise-owned devices provided with a contract, if purchased in bulk, can in some cases be heavily subsidized. Plus, the cost of supporting personally owned devices has to be factored in.
Plan before you deploy
To create a BYOD program without compromising on security, it is essential to have the buy-in of everyone in the enterprise. This involves building a BYOD policy and creating a culture where it is understood and adhered to. The policy must incorporate any industry regulations and be backed up by enforcement and management tools. Enterprise Mobility Management (EMM) tools make it possible to manage devices that are lost or stolen, or that belong to an employee who leaves the organization.
Some EMM solutions, for example, use container security to separate enterprise and employee data, applications, communications and networking, giving the enterprise control over corporate data without trespassing on personal data. Don’t forget that these devices also connect to the enterprise network, so it is essential to have an SSL VPN and a Network Access Control (NAC) solution as a secure layer of protection.
No two organizations are the same
Every enterprise is different. Enterprises need to carefully assess which mobile strategies and technical solutions best fit their method of working, taking into account employee requirements, a desire to cut costs and increase productivity, openness to risk, regionally specific regulations and, finally, how the strategy fits into the long-term roadmap.
BYOD by its very nature is a heterogeneous environment made up of a number of platforms and device types. Although these can be managed and secured with an Enterprise Mobility Management (EMM) solution, enterprises with a high focus on data security, such as those operating in the health and financial sectors, may feel it is not a route for them. Here COPE may be an alternative, as long as the security features can be implemented across all the devices in the program. Although BYOD can be managed and secured via various EMMs, it is not an option for enterprises with a very low risk threshold.
There is no ‘one-model-fits-all’ solution to mobility. Every enterprise has different requirements. Whether to choose BYOD, CYOD or a combination depends entirely on the requirements and rules that apply to different enterprise departments and teams. But the good news is that there is a mix of options out there to choose from.
Jan has been writing about technology for over 22 years for magazines and web sites, including ComputerActive, IQ magazine and Signum. She has been a business correspondent on ComputerWorld in Sydney and covered the channel for Ziff-Davis in New York.