The bring your own device, or BYOD, concept has been around in enterprise mobility since the birth of the iPhone (and some would argue even before that with the birth of the laptop computer). But as mobile devices have become increasingly important in the workplace, so too have device ownership and support models splintered depending on corporate preferences, employee activities and the level of readiness that the company seeks to have when the device hits the employee's hands. Based on the patterns that Blue Hill Research has observed through a growing number of corporate engagements, companies can categorize their enterprise mobility management with one or more of the following acronyms.
- COLD - Corporate Owned, Locked Down
- COBRA - Corporate Owned, Business Ready Applications
- COPE - Corporate Owned, Personally Enabled
- CAPO - Corporate Approved, Personally Obtained
- EQUAL - EQuipment Under Approved List
- PEER - Personally Equipped, Enterprise Ready
- POOR - Personally Owned, Office Required
- CHAOS - Corporate Handles All Operating Systems
COLD - Corporate Owned, Locked Down
COBRA - Corporate Owned, Business Ready Applications
COPE - Corporate Owned, Personally Enabled
CAPO - Corporate Approved, Personally Obtained
EQUAL - EQuipment Under Approved List
PEER - Personally Equipped, Enterprise Ready
POOR - Personally Owned, Office Required
CHAOS - Corporate Handles All Operating Systems
Clever wordplay aside, what you really need to know are the ramifications of each management model. Let's explore.
COLD - Corporate Owned, Locked Down
COLD describes the traditional paradigm that many of us remember from the days when BlackBerry ruled the enterprise as the one CrackBerry to rule them all. Supported by the BlackBerry Enterprise Server, this model provided not only a secure device, but also a secure data and email gateway and fail-safe policies for any devices that were lost or stolen. In today's world, this model has only become even more secure with the encryption of voice calls, multifactor authentication, content and application virtualization to prevent improper sharing, and sandboxes used to isolate applications and content.
COBRA - Corporate Owned, Business Ready Applications
COBRA describes a world in which companies give new employees devices that are set up with key applications they need to be productive from the get-go. This might be as simple as including Dropbox, Box, or Evernote. This could also include mobile CRM and ERP applications, help desk applications, and productivity enablers. In a world where mobility is all about the apps, mobile devices should be ready on Day 1 with the tools that employees need to succeed.
COPE - Corporate Owned, Personally Enabled
Enterprise mobility evangelist Philippe Winthrop of the Enterprise Mobility Foundation introduced the COPE model to reflect the idea that an employee can still personalize a corporate-owned device. This can be done by dedicating an enterprise-specific portion of the device to the applications and documents used in the workplace, while dedicating the rest of the device to Facebook, Angry Birds, personal e-mail accounts, and whatever else the employee wants to put on the device. Until dual-persona devices first came on the market, this vision of enterprise mobility was not truly possible. But in today's mobile environment, companies should at least consider this version of mobility that combines the enterprise cost and device governance associated with corporate ownership with the freedom of employee usage.
CAPO - Corporate Approved, Personally Obtained
With CAPO, we start moving more firmly into the world of BYOD. Although employees can bring their own devices into the enterprise, the devices have to meet specific corporate standards. These standards can be as simple as supporting the company's security or mobile device management standards or as complex as defining specific policies to shut off nearfield communications, camera, and other functions.
EQUAL - EQuipment Under Approved List
EQUAL is a subset of CAPO where the company defines the specific devices or operating systems that IT and operations will support. EQUAL is still a part of BYOD, but employees can no longer bring whatever devices they want. For instance, if a company decides that IT will only support Apple iOS devices, Android devices (especially Samsung Galaxy devices) are off the table. This allows companies to focus on the devices and operating systems they support without being overwhelmed by the evolution of mobility across every possible platform. However, the focus comes at the potential cost of creating a new version of shadow IT from unsupported devices.
PEER - Personally Equipped, Enterprise Ready
The PEER model allows companies to put business applications, security, and governance onto a personally owned device. Employees agree to give businesses the control needed to transmit and support these applications. This can potentially include giving the company the right to lock and wipe an individual's personal phone or tablet if it is lost or stolen. However, devices that can be split up into both corporate and personal personae can take advantage of this functionality similar to COPE devices to provide separate functional areas. The only difference in this case is that the employee pays for the device whereas the company foots the bill in the COPE model.
POOR - Personally Owned, Office Required
POOR is a model through which the employee is actually required to bring a smartphone or tablet to work simply to do the job. However, California recently decided in Cochran vs. Schwan's Home Service that this was not permissible based on California Labor Law that states: "(an) employer shall indemnify his or her employee for all necessary expenditures or losses incurred by the employee in direct consequence of the discharge of his or her duties, or of his or her obedience to the directions of the employer." Basically, companies are liable for employee costs. This finding potentially is much farther reaching than cell phone usage, as one could imagine that employees working at home could start charging for their Internet usage, home office equipment or even a portion of their own utilities.
But in the short term, let's focus on what POOR means in the rest of the world. When this policy can be enforced, POOR means that employees actually have to purchase an appropriate device, often without reimbursement. POOR is expected to become more troublesome as states increasingly see class action lawsuits that, like Cochran, are created based on a combination of state labor laws and BYOD requirements. (Read the recent No Jitter coverage, Court Puts Employers on Notice About Mobile Use.)
CHAOS - Corporate Handles All Operating Systems
CHAOS is possibly the most feared of all BYOD environments, since IT departments often find themselves overwhelmed by the challenges of everything from iOS to the many flavors of Android to the potential of Windows Phone, BlackBerry, and perhaps others in the near future such as Samsung Tizen. From an operational perspective, this approach often results in users falling through the cracks as IT is unable to provide employees with enterprise applications because vendors have never developed them for a specific platform. And from a support perspective, IT is constantly on the phone with additional support staff to troubleshoot unfamiliar devices. Although organizations can get around some of these challenges by outsourcing managed mobility to a third party, CHAOS makes mobile application and data security strategies significantly more difficult to develop.
The proliferation of mobile devices has led to a similar proliferation of enterprise mobility support models. As your organization considers how to move forward to support mobile devices, applications, data, content, and unified communications, keep in mind how enterprise mobility is currently supported within your organization. By moving beyond BYOD to the more nuanced worlds of COLD, COBRA, COPE, CAPO, EQUAL, PEER, POOR, and CHAOS, enterprise mobility can be better supported by identifying past, current, and desired future states for technology management.