Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Enterprise Mobility: COPE vs. BYOD

Corporate-owned device fleets have been the norm since mobile was introduced into the enterprise. Today, a number of organizations continue this tradition, only now it has morphed into COPE. Corporate-Owned, Personally Enabled policies promise the same user experience, privacy and autonomy of a personal device on a corporate-owned device.

Corporate-owned device fleets have been the norm since mobile was introduced into the enterprise. Today, a number of organizations continue this tradition, only now it has morphed into COPE. Corporate-Owned, Personally Enabled policies promise the same user experience, privacy and autonomy of a personal device on a corporate-owned device. This idea likely sodunds promising to most organizations, but how does COPE really stack up against BYOD (Bring Your Own Device).

Techopedia defines COPE as the complete opposite of bring your own device (BYOD). If BYOD is user-driven, and thereby preferred by users, why would anyone adopt a corporate-owned policy. There are a few reasons.

Ovum found that nearly 70 percent of employees use their tablets or phones to access corporate data, with 15.4 percent of them doing so without IT’s knowledge and nearly 21 percent in spite of established policy. This ‘access to the data’ piece is a major reason why an organization would pursue a COPE strategy.

BYOD vs. COPE Mobile SolutionsThe onslaught of devices in the enterprise raises serious concerns about the security of corporate data. The common response to this concern has been to increase restrictions and lock down employee-owned mobile devices. This is not necessarily the wrong response. CIOs and CISOs are responsible for the protection of the most valuable organizational assets – the data. What other choice do they have? This is where COPE comes in as an option.

Because it allows organizations to retain full control of the device, COPE is often an attractive model for organizations concerned about keeping mobile data secure. Full control of the device means that IT retains the ability to simply wipe the device if it is lost or stolen – an effective way to keep corporate data out of the wrong hands.

COPE however, presents its own set of issues. The feeling of control that COPE offers is an illusion. Even if organizations provide users with the newest and best devices, if they don’t give users the freedom to choose and use their own, the users will simply bring their own. The result: Shadow IT.

This is not happening in theory, it’s taking place in organizations everywhere. A recent survey by LogMeIn and Edge Strategies found that users have an average of 21 apps on their devices. This is seven times what IT estimated!

I’ve spoken with more than one CISO who had banned corporate data on mobile devices only to discover that users had been transferring files to their mobile devices using Dropbox and YouSendIt, circumventing security controls and completely disregarding corporate control. In fact, the majority of users engage in this behavior and not all are doing so deliberately. Studies show that many users aren’t aware of their employers BYOD or mobile security policies, let alone that they are breaking them.

There are a couple of reasons to adopt a BYOD approach. The first is reduced overhead. The time and money spent to manage corporate-owned devices is substantial. The second is simply that BYOD resonates with today’s blended work-life activities. By allowing employees to use the tools they love we enable them to work from anywhere and, ultimately, increase their productivity and response times. Managed properly, BYOD becomes an asset for organizations. This is probably why Ovum predicted just a year ago that BYOD was “here to stay.”

Advertisement. Scroll to continue reading.

For the last several years, IT has been split between fighting the onslaught of BYOD and realizing they must prepare for the inevitable. COPE is a stopgap between the old days of full corporate control and the days of user-driven mobile policies. The truth is that in either case there is no way to keep corporate data secure without knowing what corporate data is at risk, and we can’t know this without gaining visibility into its usage.

With app usage information in hand we can fine-tune policies, and secure applications. By securing user applications, we enable their productivity and suddenly BYOD becomes an asset, not a liability. 

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Gigamon has promoted Tony Jarjoura to CFO and Ram Bhide has been hired as Senior VP of engineering.

Cloud security firm Mitiga has appointed Charlie Thomas as Chief Executive Officer.

Cynet announced the appointment of Jason Magee as Chief Executive Officer.

More People On The Move

Expert Insights