BYOD Versus Corporate-Liable: How do you COPE?
In the new world, business realities and employee use cases need to drive the adoption of appropriate mobile policies.
Mobile device usage in the enterprise forever changed the landscape of enterprise networks and the way that employees and customers communicate or collaborate across those networks.
Several lessons have been learned during the very rapid rise of the mobile enterprise that can be effectively applied as guidelines for the future. Perhaps most importantly, the temptation to treat enterprise mobility as a device-centric environment to which we should apply and enforce policy has proven to be incorrect. Enterprises should consider a user-centric point of view that moves beyond today's conversations of BYOD versus Corporate-Liable and COPE (or corporate-enabled, personally owned).
Current state of the mobile enterprise
Some organizations continue to apply the corporate-liable model, where the corporation is responsible for ownership, expense, policy and security management, in order to optimize cost, usage, utility, and security. This is especially true in organizations that are exposed to SEC, GLB, HIPAA, PCI or Sarbanes-Oxley regulation. But in most cases, this model has been replaced by the BYOD model, which in turn has quickly created unexpected demand for support and enablement that many IT organizations are not ready for.
In a user survey of enterprises that had implemented BYOD, the majority reported that direct costs had actually increased over prior corporate-liable expenses. For instance, the support costs in an environment of multiple mobile operating systems and numerous device types have increased substantially. Mobile security concerns with the BYOD model have driven rapid adoption (as well as added costs) of first-generation mobile device management (MDM) solutions. Lastly, support that spans the entire device lifecycle for mobile users, from ordering, provisioning, device or application support and ultimately device recycling, have also created additional expenses for the enterprise.
For some companies, an effort to clean up the access control, security, support and unexpected cost issues surrounding BYOD, has led to COPE. In the COPE model (sometimes referred to a CYOD, or "choose your own device"), both the device and service provisioned are specified and paid for directly by the company. Under this model, the permutations and combinations of mobile operating systems, mobile devices and mobile service plans are reduced, and the corporation can benefit from negotiating bulk rates for voice and data services, known as pool plans. Employees can select from desirable (and supported) devices like iPhones, and are allowed certain texting, tweeting or gaming activities via mobile application management tools.
COPE provides an opportunity to capture the best features of both the BYOD and corporate-liable models, but still requires a fair amount of management and administration overhead to be effective, and is suboptimal in many cases.
First-generation MDM tools have addressed the initial mobile security concerns in the enterprise, but the overly simple approach to access control and remote wipe proved to be somewhat inept, causing concerns among end-users around personal data privacy and security. Enabling MDM on personally-owned devices has also been difficult when users don't accept overly invasive security measures, such as device-neutering--shutting down MicroSD storage or USB connectivity.
Where do we go from here?
Second-generation MDM solutions have begun to enable "containerization"--a real-time segregation of the enterprise workspace and data from the personal space, enabling personal apps, social networking and email. By segregating both the data and the workspaces in real-time and tagging the data as having originated from one space or the other, the personal "data leaking" channels (including IM/MMS, MicroSD and USB data channels) are effectively blocked from an enterprise perspective, but remain available for all personal use.
MDM can now be deployed, provisioned and managed via the cloud, so overall costs are significantly lowered and mobile security management agility increased. Effective cloud architectures, coupled with secure access, protect work data in transit and limit the amount of data stored at rest on the mobile device.
Increasingly, IT strategies that emphasize cloud processing and storage, collaboration and device independence are replacing old client-server models of copying data to a specific machine for local use. Since mobile apps tend to rely on the cloud, and mobile devices are increasingly consuming cloud services, enterprise IT architects would be wise to consider their mobile and cloud strategies holistically.
Advances in both MDM and cloud services virtually eliminate the need to actively consider COPE as a model for enterprise mobility and allow us to focus on optimization of BYOD or Corporate-Liable for the enterprise, most likely using both in a hybrid model based on specific use cases and end-user requirements.
Guidelines for the Future
The combined forces of the business use case for mobility and the requirements of the mobile end-user have changed the center of gravity for IT. In the new world we need to adapt to the notion of letting the business drive policy, not vice-versa, and to map individual user groups and use cases to the appropriate policy models. This allows for the fact that not all users or user groups are the same, and that there will likely be more than one user group that we need to enable and support.
Applying a method for constant optimization of usage, utilization by business application and overall cost is needed. By closely tracking and adjusting for actual usage, utilization and cost variables to create an optimum result, enterprises will have effectively created a feedback loop that enables true mobile lifecycle management for the mobile enterprise as it continues to grow and evolve.
Dave Snow has been in the network communication industry for over 20 years and is currently the Director of Dimension Data's Communications Lifecycle Management Practice. Follow Dave on Twitter @DaveSnow or learn more at clm.dimensiondata.com