Eugenio Marongiu - Fotolia
BYOD quickly created a wild west scenario in many organizations, as employees brought a wide array of mobile devices and operating systems to work. A different ownership model -- corporate-owned and personally-enabled (COPE) -- lets IT have more control over corporate content while still allowing employees to use the apps they want.
Here, Philippe Winthrop, mobility strategist at CSC Mobility, a solutions provider based in Tysons Corner, Va., explains how COPE devices can benefit IT and how to handle user privacy concerns.
What does modern mobility mean to you?
We've been talking about it for ages, but we're finally getting there in terms of what is mobile going to do for an organization beyond … email, contacts and calendar? The location where you are is now irrelevant. It's really being able to have access to whatever tools and information you need, literally at the tip of your fingers.
You invented the term COPE. What does the personally enabled part entail for IT?
When you're building a strategy around BYOD, the singular question that you're trying to answer is how do I protect the data that is mine on the device that I don't own? Whereas with COPE, what you're doing is saying 'How do I empower my employees to feel comfortable using something that I provide them just as if it were their own?'
There are so many companies out there that have web proxies to block your access to websites at work. If you're in marketing for a consumer-oriented company, don't you need to maybe have access to the Facebook page? With corporate-owned, personally-enabled, yes, it's my employer's device, but absolutely go and put Facebook on it. The problem with BYOD is it's all about distrust. If I don't trust my employees to properly handle content and data they need for work, then why did I hire them in the first place?
How does user privacy fit in with COPE devices since IT has ownership and potential insight into the device?
There's the old adage: With great power comes great responsibility. Just because you can do something doesn't mean you should. You're only going to [look at users' information] if there is cause. You're not just going to have random audits of people's devices because that's Big Brother. It's about mutual responsibility. Why would I divulge secrets, unless I'm a disgruntled employee? And that's a completely different story.
Philippe WinthropCSC Mobility
Let me give you one example: A [European Union (EU)] privacy attorney [at a conference I attended] said that … on a BYOD device, if I'm using a third-party app for email and calendar, and in that app I have the details for my work trip … the EU deems that personal information. This is information that is 100% work-related and yet is deemed personal information. With COPE, you completely get around that because it's a corporate-owned device.
How should IT manage COPE devices?
There is no difference between managing COPE and managing BYOD. Zero. The device is the device. The apps are the apps. The content is the content.
What's your favorite movie?
What's the best dish you can cook?
Pan-seared rack of lamb with rosemary and mint. Number two would be tagine, which is a Moroccan food.
This article originally appeared in the November/December issue of the Modern Mobility e-zine.
Corporate device ownership could make a comeback
What is choose your own device?
Risks of BYOD leads to COPE
- Weighing the Options for an Enterprise Mobility Strategy –SearchSecurity.com