While “never leave a paper trail” might be the unofficial credo of spies and criminals looking to elude the attention of government or legal entities, it’s the meticulous accounting of all business-related transactions and communications that accomplishes the same objective for regulated businesses, such as those in the healthcare and financial services industries.
To stay clear of legal hot water, businesses and organizations subject to compliance rules must track and store all assets that might be part of an electronic audit. The recent and wide scale adoption of mobile devices into the enterprise sphere has expanded and complicated the information tracking and storage responsibilities of regulated businesses, adding several additional communication assets, such as text messaging, IM and mobile phone conversations, to the audit trail mix. Further exasperating the situation is that many of the smartphones and tablets flooding the enterprise market are rooted in the consumer space and may lack the capabilities to meet rigid compliance requirements. Apple’s iPhone, for example, does not support the archiving of text messages by enterprise mobility device and application management solutions.
In a 2013 report, Osterman Research described content retention and management as one of the fundamental risks associated with the Bring Your Own Device (BYOD) movement. The report, “Managing BYOD in Corporate Environments,” goes on to say that content stored on personal mobile devices can be inaccessible to the organization and subject the business to risks associated with regulatory obligations.
And those risks, in the form of financial penalties and other restrictions, can be severe to both the organization and individuals, such as the CEO or members of the board.
With so much on the line, CIOs at regulated businesses are seeking mobile enterprise solutions that provide workers with the personal freedom of BYOD without exposing the organization to risks related to compliance rules violations. In search of a BYOD complement or alterative, these businesses and organizations are likely to take a fresh look at the enterprise mobility model known as Corporate Owned, Personally Enabled, or COPE, a concept that took root a few years ago as a sort of compromise approach to the adoption of a strictly administered, or locked down, corporate model known as COBO (Corporate Owned, Business Only) or unfettered BYOD.
COPE is viewed by many IT managers as an “eat it too” proposition, as it essentially combines the control that is a hallmark of COBO with the end-user appeal of BYOD. An archetypical COPE deployment would be one that delivers unfettered productivity and superior user satisfaction, without the nausea-inducing complexity and vulnerabilities associated with loosely governed BYOD policies.
BlackBerry’s Balance containerization solution was recently recognized by Gartner Inc. as leading the industry in support of a COPE approach to enterprise mobility. Enterprises that purchase the regulate-level version of BlackBerry’s enterprise mobility management (EMM) solution are able to tap into granular command and control capabilities that meet compliance requirements, including the archiving of texts and IMs, without putting the clamps on personal use.
Keeping compliant is only going to become more challenging, as technology advances introduce additional hurdles and governments impose additional regulations. The 2010 enactment of the Dodd-Frank Wall Street Reform and Consumer Protection Act, for example, brought an array of compliance requirements to the US financial industry. Multinational companies have the added burden of dealing with rigid compliance requirement on a country-by-country basis.
There’s no stopping the BYOD movement. All businesses and organizations will need to adopt flexible enterprise mobility approaches capable of accommodating a mix of devices oriented in the consumer sphere and devices with a provenance in the enterprise sphere. But when it comes to inserting consumer-oriented devices into the compliance audit trail, a “better safe than sorry” policy carries the day.