The Holy Grail – BYOD, COPE or CYOD

Choosing the right enterprise mobility strategy for your business

Finding the ideal alignment and balance between hardware, software and employee preference has become the holy-grail for those tasked with defining enterprise mobility strategy. BYOD delivered many great things, such as higher employee productivity and satisfaction. It also made IT managers rethink their strategies to make technology work for their organisation in terms of mobility, security and management. Then COPE (Corporate Owned, Personally Enabled) came along, which promised to solve some of the problems that BYOD didn’t, such as security. However, COPE also posed challenges and is being followed now by CYOD (Choose Your Own Device).

With so many acronyms flying about it might appear hard to know where to start identifying the best solution. However it would seem 2014 has heralded the end for BYOD with a recent report by analyst firm Gartner declaring its demise, stating: “There is no way for IT to assume full responsibility of securing and managing devices without ownership”. Indeed, the acronym is now being translated by some as “Bring Your Own Disaster” suggesting it would perhaps be wise to learn from others mistakes.

The COPE model allows employees the choice of a selection of ‘company approved’ devices instead of using their personally owned device for work. This idea might sound like the days of the corporate Blackberry chosen by the IT department, but the ‘Personally Enabled’ part is where the IT department has released some control.

The COPE model solves some of the security concerns that BYOD generated, making it easier for IT managers to monitor and protect the devices, whilst still embracing the Consumerisation of IT by enabling users an element of choice. However, COPE is not without challenges which is where CYOD has emerged, offering an apparent ‘happy medium’.

A variation on COPE, CYOD lets employees choose from a limited selection of approved, corporate-liable device models with the levels of security and control that IT needs. The slight difference is that the employee pays for the upfront cost of the hardware while the business owns the SIM and contract for greater visibility, control and potentially lower costs.

Protecting your company’s data

When a company adopts a COPE strategy, supplying employees with ‘company approved’ devices, it is easier for the IT manager to ensure the protection of corporate data. As the company owns the devices, the IT manager can easily decide which data employees can and cannot access, make regular backups, and remotely wipe devices in case they get stolen or lost. Also, when employees have technical problems, those problems can be solved in-company, instead of at an external - and possibly dodgy - IT repair shop. All these measures reduce the risk of data falling into the wrong hands.

Privacy issues

The principal challenge though with COPE is privacy. IT managers must think critically about the consequences of their data protection policies. As the boundaries between work and private life fade, it will be hard to force employees to use their mobile device for business purposes only. But when employees use their devices privately as well, how far can the IT department go controlling those devices without undermining the privacy of employees? For example, is it still acceptable to wipe devices remotely if they contain private data, such as family photos?

Monitoring network traffic

Moreover, with COPE and with BYOD, IT managers are challenged by the introduction of multiple devices onto their wireless networks. As wireless becomes the primary user network, it needs to deliver the availability and performance that employees expected from the wired network. BYOD increased network density, bandwidth consumption and security risks. These issues will be reduced when IT managers decide to go for a COPE strategy, because the IT manager will recognise most of the devices on the network. He or she will be able to track users, their devices and usage habits in order to resolve any issues that could impact wireless availability and performance.

Another major plus point of CYOD is that IT can focus on supporting a limited number of platforms and devices, rather than trying to support as many as possible.

Application control

But when implementing a CYOD scheme, organisations need to look at application control and whether CYOD should permit employees to run non-business-related applications. This is a discussion in itself when you start to look into controlling employees’ personal social media apps on corporate-owned devices. Certainly, many would argue that there needs to be a shift in focus away from standard MDM solutions and towards managing data and security at the app level.

A growing number of companies are opting for MAM (mobile application management) instead of MDM (mobile device management), since it enables IT to protect enterprise apps and corporate data throughout the mobile application lifecycle, from deployment to app signing to inspection for security flaws and malware.

Analyst firm Yankee Group predicts that the enterprise mobility market will consolidate, as organisations broaden their requirement for enterprise app development, on-premise and cloud-based deployment, app and device management, and security – all delivered by a single platform vendor. This would help organisations to achieve a holistic view of their enterprise thus enabling the management of devices, users, data and applications as well as delivery of cloud and on-premise deployments. In this vision the device an employee chooses to use becomes less critical as the focus shifts from the device to the app.

Making the call

What the evolution of BYOD to COPE to CYOD does best, for those struggling to decide which strategy makes most sense for their enterprise, is illustrate how fast things change. In turn that signposts a requirement to really look ahead and consider future needs and demands so that whatever strategy is deployed can be advanced and built upon with ease. This would involve consideration, at the outset, of solutions that can enable secure mobility, device choice, data consistency and agile management – that is where you should start… good luck!

Join the CSO newsletter!

Error: Please check your email address.

Tags security

More about GartnerYankee Group

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ennio Carboni, EVP of customer advocacy, Ipswitch

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place