As consumer devices and services increasingly outstrip their corporate competitors in power, productivity and cachet, Bring Your Own Device (BYOD) has become the latest so-hot-you'll-melt trend in the world of corporate IT. But plenty of IT departments see it as a demon to be exorcised from the cubicle farms - or an opportunity to dump the responsibility for hardware upkeep on their internal customers. Rather than struggle with BYOD, some companies are turning the whole concept of BYOD on its head in favor of Corporate Owned, Personally Enabled (COPE) policies.
The idea behind BYOD is to let end users choose the devices, programs and services that best meet their personal and business needs, with access, support and security supplied by the company IT department - often with subsidies for device purchases.
But BYOD places new burdens on IT as it tries to deal with an infinite variety of platforms and profiles. COPE takes the opposite approach - instead of making corporate functions work on personal devices, it sets up a framework to support and allow personal uses of company devices.
COPE essentially works like this: the organization buys the device and still owns it, but the employee is allowed, within reason, to install the applications they want on the device, be it smartphone or traditional computer.
For BYOD, the question for IT is "How do I secure information on a device that I don't own?" With COPE, the question becomes, "How can I loosen my grip for my employees to use their devices for personal use?"
That's how Philippe Winthrop, VP of Strategy at VeliQ, framed the questions for me. He's passionate about COPE, even though his work at VeliQ, the mobility Platform-as-a-Service company he recently joined, isn't even centered on it.
COPE vs. BYOD
According to Winthrop, COPE offers big cost benefits. Under BYOD, employees buy and expense the devices and services they need, while the employer may reimburse all or a portion of these costs, based on preset policies.
But that can leave companies paying retail prices. COPE lets IT departments keep their sweet corporate discounts. With BYOD, Winthrop said, "CFOs see a way to save a couple hundred bucks on CapEx [capital expenditures]. They're missing an opportunity to save far more on OpEx [operational expenditures]."
Keeping data where it belongs is the other big problem within BYOD. Worries about misplaced and insecure devices or malware-infected machines keeps the IT folks reaching for the antacid.
Not only are employee-owned devices at greater risk, but sometime laws can hamper what a company can do to help itself. In the European Union and South Korea, for instance, laws specifically forbid a company from wiping data from equipment it doesn't own. So, if a smartphone gets left in the airliner's seat pocket, any data on that phone is out in the wild.
COPE neatly circumvents challenges like this. If the company owns the device, it can yank data back regardless of regulations. And, since they can preconfigure the device before handing it to employee, IT can easily insert security and application-management protocols.
"With COPE, it's all about balance," Winthrop explained. "When I said 'loosen my grip,' I didn't say 'let go.'"
COPE also eases support issues by deploying the same hardware to every employee. In the BYOD scenario, IT might not even be able to repair all the possible devices, and vendor or third-party support services may not be completely secure.
To be fair, there are ways of mitigating the BYOD issues. Many companies that support BYOD maintain lists of approved devices, and let employees choose only from lists of approved devices and engage trusted third-party service and support vendors. Others keep all secure company data and access in a cloud-based virtual desktop or profile, reducing the risk if the device is compromised.
What's Keeping COPE Back?
Still, COPE has many benefits compared to BYOD, at least from the IT perspective. So why aren't more IT shops adopting the COPE model? It's those darn users.
Winthrop attributes the fixation on BYOD to the GenY-ers, staffers who insist on wanting to do everything their way and their way only.
"You could call it the Frank Sinatra Syndrome," Winthrop joked. (Clearly not a Sex Pistols fan, then.) Faced with these attitudes, many IT departments seem to think their only options are caving entirely or completely stonewalling user requests.
It doesn't have to be that way. By embracing COPE, IT can reassert the control it must have to keep data and work processes secure, while still giving employees the shiny toys they so desperately want.
Image courtesy of Shutterstock.