BYOD – Corporate Liability and COPE

We explored the dilemma of an IT security manager at a policy level on whether a company owned, but personally enabled ( COPE) approach makes sense.   Marketing researcher Gartner predicts that almost 40% of the companies rely on BYOD, and plan to completely move away from owning devices in another two years, and about 85% of them would have some sort of policy by 2020.  Surprisingly, small and medium businesses are in the forefront, and only 10% have not really given a thought about it.

The swell of consumer devices makes it inevitable – people just want to use their devices that they buy.  Hence the scope for COPE to really be implemented seems weak.   Employees personal devices are smarter and capable than the restrictive choices that a company issued device may have.  So essentially one can note that as we move towards the summer of 2015, COPE seems to be an option that just is passing away.

But there is one last thing we might want to consider before wishing away COPE – Corporate liability. Enterprises are now governed by regulations like SEC or SEBI, GLB, HIPAA, PCI or Sarbanes Oxley.  The accountability is usually put on the ‘Mobile Device Management’ (MDM) system and its effectiveness to comply with the regulations.  These regulations, if one may note, establishes the need for corporate systems to comply and the liability if not complied with.   What MDM does not address is the variability of devices in question.  This brings us back directly into control of the mobile devices and mobile applications.   A COPE- enabled policy creates a relatively comfortable situation for compliance as variability of mobile operating systems, hardware and applications are reduced.

The new MDM solutions may reduce the cost of compliance as well, as the solution itself is on cloud and the mobile interfaces can be variable, but the data rendering, access and integrity is protected through uniform policy – which makes the device variability more or less redundant.  It also provides for savings in cost.   These systems are however, just evolving.  Corporate liability vs COPE will be the two major variables that MDM software architects will face.

BYOD is in.  The next phase of evolution is on.  We will explore Mobile Device Management from a feature set perspective in the next blog.

Previous blog: :  BYOS – New Paradigm in Enterprise IT security
Next Blog: : MDM: Its not about the device but the data