Finding the ideal alignment and balance between hardware, software and employee preference has become the Holy Grail for those tasked with defining enterprise mobility strategy. BYOD delivered many great things, such as higher employee productivity and satisfaction. It also made IT managers rethink their strategies to make technology work for their organisation in terms of mobility, security and management. Then COPE (corporate owned, personally enabled) came along, which promised to solve some of the problems that BYOD didn't, such as security. However, COPE also posed challenges of its own and is being followed now by CYOD (choose your own device).
With so many acronyms flying about, it might appear hard to know where to start identifying the best solution. However it would seem that 2014 has heralded the end for BYOD, with a recent report by analyst firm Gartner declaring its demise, stating, "There is no way for IT to assume full responsibility of securing and managing devices without ownership." Indeed, the acronym is now being translated by some as "bring your own disaster", suggesting it would perhaps be wise to learn from others' mistakes.
The COPE model allows employees the choice from a selection of "company approved" devices, instead of using a personally-owned device for work. This idea might sound like the days of the corporate BlackBerry recommended by the IT department, but the "personally enabled" part is where the IT department has relinquished some control.
The COPE model solves some of the security concerns that BYOD generated, making it easier for IT managers to monitor and protect the devices, whilst still embracing the consumerisation of IT by enabling users an element of choice. However, COPE does not come without challenges, which is why CYOD has emerged, offering an apparent happy medium.
A variation on COPE, CYOD lets employees choose from a limited selection of approved, corporate-liable devices with the levels of security and control that IT needs. The slight difference is that the employee has to pay for the upfront cost of the hardware, while the business owns the SIM and contract for greater visibility, control and potentially lower costs.
Protecting your company's data
When a business adopts a COPE strategy, supplying employees with company approved devices, it is easier for the IT manager to ensure the protection of corporate data. As the company owns the devices, the IT manager can easily decide which data employees can and cannot access, make regular backups, and remotely wipe devices in case they get stolen or lost. Also, when employees have technical problems, they can be solved in-house, instead of at an external - and possibly dodgy - IT repair shop. All these measures reduce the risk of data falling into the wrong hands.
With COPE, the main challenge is privacy. IT managers must think critically about the consequences of their data protection policies. As the boundaries between work and private lives continue to fade, it is harder than ever to force employees to use their mobile device for business purposes only. However, when employees do use their devices privately too, how far can the IT department go controlling them without undermining their privacy? For example, is it still acceptable to wipe devices remotely if they contain private data, such as family photos?
Monitoring network traffic
Moreover, with COPE and with BYOD, IT managers are challenged by the introduction of multiple devices onto their wireless networks. As wireless becomes the primary user network, it needs to deliver the availability and performance that employees expect from the wired network. BYOD increased network density, bandwidth consumption and security risks. These issues will be reduced when IT managers decide to go for a COPE strategy, because the IT manager will recognise most of the devices on the network. He or she will be able to track users, their devices and usage habits in order to resolve any issues that could impact wireless availability and performance. Another major plus point of CYOD is that IT can focus on supporting a limited number of platforms and devices, rather than trying to support as many as possible.
When implementing a CYOD scheme, organisations need to look at application control and whether CYOD should permit employees to run non-business-related applications. This is a discussion in itself when you start to look into controlling employees' personal social media apps on corporate-owned devices. Certainly, many would argue that there needs to be a shift in focus away from standard MDM solutions and towards managing data and security at the app level.
A growing number of companies are opting for MAM (mobile application management) instead of MDM (mobile device management), since it enables IT to protect enterprise apps and corporate data throughout the mobile application lifecycle, from deployment to app signing to inspection for security flaws and malware.
Analyst firm Yankee Group predicts that the enterprise mobility market will consolidate, as organisations broaden their requirement for enterprise app development, on-premise and cloud-based deployment, app and device management, and security – all delivered by a single platform vendor. This would help organisations to achieve a holistic view of their enterprise, thus enabling the management of devices, users, data and applications, as well as delivery of cloud and on-premise deployments. In this vision, the device an employee chooses to use becomes less critical as the focus shifts from the device to the app.
Making the call
What the evolution of BYOD to COPE to CYOD does best, for those struggling to decide which strategy makes most sense for your business, is illustrate how quickly things change. In turn that signposts a requirement to really look ahead and consider future needs and demands so that whatever strategy is deployed can be advanced and built upon with ease. This would involve consideration, at the outset, of solutions that can enable secure mobility, device choice, data consistency and agile management – that is where you should start.
Alessandro Porro is the vice president of international sales at Ipswitch