The days in which the assignment of a corporate-owned mobile device meant all work and no play are over. Enterprise Mobility Management (EMM) has evolved to the point where even highly regulated industries now offer the option of allowing workers to use company-issued devices for personal computing and communications activities, such as social media, game playing and other types of digital entertainment. These mobile device and application management advances, along with the rapid acceleration of workforce mobilization and its expected impact on an organization’s ability to secure corporate data residing on an increasingly diverse collection of employee-owned devices, is prompting a surge of interest in complements or alternatives to BYOD.
Topping the list of BYOD alternatives is the Corporate-Owned, Personally-Enabled (COPE) approach, chiefly due to its ability to combine the freedom and flexibility of BYOD with the control and oversight of Corporate-Owned, Business-Only (COBO) approaches to enterprise mobility. A major component of COPE’s appeal is that it offers a potential solution to the conundrum facing enterprises embarking on ambitious workforce mobilization initiatives: How to protect sensitive company information without degrading user experience or impinging upon the ability of business leaders to maximize productivity.
COPE Best Practices
Given the adaptability of a COPE enterprise management approach, success or failure will depend heavily on implementation. Here are nine best practices for assembling a COPE-based enterprise mobility architecture:
1) Provide a list of approved devices that is broad enough to satisfy employees but narrow enough not to stress IT resources related to device and application management or to introduce security risks.
2) Employ a containerization approach that allows for the complete separation of work and personal environments, giving workers unfettered control of the portion of the device reserved for personal use.
3) Craft a mobile device policy document that clearly spells out users’ responsibilities and restrictions regarding security and safety in both the work and personal environments.
4) Let the business bottom-line dictate your policy toward mobile devices. Which approach – COBO, BYOD or COPE – is going to give your business the best balance of security, productivity and user satisfaction? Which approach is going to best advance your workforce mobilization initiatives?
5) Don’t assume device ownership is a Teflon shield against privacy invasion claims from workers. The law remains unclear in this area, and while it’s a safe bet that ownership provides some measure of protection in the case of wipes of personal data, IT departments should still operate with kid gloves when handling personal data.
6) Don’t be exclusive. Regardless of the level of flexibility in your COPE-based policies, expect a number of outliers to continue to access corporate data with personally owned devices. Extend policies to handle this inevitability and to minimize risk.
7) Run it by end users. Inaccurate assumptions about the preference of end users have sunk hundreds of startups. What the IT department assumes will be acceptable and embraced by the workforce could turn out to be way off the mark.
8) Strongly consider COPE for multinational deployments. Legal ramifications resulting from the deletion of employees’ personal information on end points used for work vary in severity from one country to another. Company-wide adoption of a COPE-based policy will provide the best protection against lawsuits across international borders.
9) Find a one-size-fits-all solution. For environments that employ a spectrum of use cases and risk profiles, as well as device and OS types, a COPE approach offers the flexibility to cover all facets of a highly stratified enterprise mobility environment without security sacrifices.