Subscribe Now

* You will receive the latest news and updates on the Canadian IT marketplace.

Trending News

Blog Post

Corporately owned, personally enabled devices should replace BYOD
MOBILE

Corporately owned, personally enabled devices should replace BYOD 

Ask the IT staff about BYOD, and you might receive a different response. For the IT department, BYOD can be a nightmare. Technicians are expected to support and secure a wide variety of devices and platforms. And enterprise software might not be compatible with every device and platform. Denis Bernicky, computer technician at the Lester B. Pearson school board in Dorval, Quebec, believes that BYOD is not the best solution for the enterprise. He shared his thoughts on why corporately owned, personally enabled devices (COPE) are an excellent compromise for companies and employees.

Bernicky defined COPE as follows: the IT department creates a list of approved mobile devices, and the business makes them available to end users for business and personal use. The COPE approach means that IT professionals can offer support for employee devices with which they are familiar and that meet enterprise security needs.

While COPE is a technician’s dream come true, Bernicky acknowledged that the idea might not be popular in the C-suite. “COPE is a hard sell because it involves investing in hardware and training which are not near and dear to most organizations’ hearts,” he remarked. “Add to purchase expense the expense of tracking and managing physical assets with a functional shelf life of two years and the money issue becomes more of a problem.”

How can the IT department convince the powers that be to consider COPE? “Getting executive buy-in has to be directly related to cost/benefit or it won’t fly,” Bernicky asserted. “What is the cost of a data breach caused by a lost personal device which cannot be bricked by an on call admin on a Sunday morning? What is the cost of having multiple versions of the same corporate apps running on multiple platforms? Even if apps are ‘in the cloud’ you have to spend money on making certain each and every device and the browsers specific to those devices is supported by your cloud apps. If personal devices are being connected to the intranet by being connected to a local workstation how can you be certain of the security precautions taken by the user of the device before they connect it?”

If the C-suite buys into the idea of COPE, the next step is creating a list of approved devices. What criteria should the IT department look for when creating this list? “The first criterion is sexiness,” Bernicky said. He admitted at first, the “sexiness” of a device appears to be a frivolous trait. “It sounds ridiculous but if an executive doesn’t like the look of the device they won’t use it and they will bring in their own,” he explained. “If executives bring in their own equipment then the whole COPE strategy might as well be trashed. Corporations are like any other team: people follow the leader.”

A device’s appearance is not the only consideration, though. “Immediately after sexiness is how secure is the device?” Bernicky commented. “Can the device be connected and managed through the network? Can automated backup be set? Can the device be bricked remotely? How difficult is the device to hack?”

Once everyone has selected their device, the IT department becomes responsible for supporting them, even though the devices are not solely for corporate use. What does that mean in reality? If something goes wrong with a corporately owned, personally enabled device on the weekend, users will have to wait until Monday morning to fix the problem. “Portable devices are rarely mission critical devices,” Bernicky noted. “A COPE device can be swapped out easily because we know the backup has been done, the device has been secured, the end user’s username and password will get them right back on the network. For an end user, how much easier can a tech problem be than that?”

Although the advantages to a COPE policy are numerous, Bernicky is aware that BYOD will be difficult to supplant. “People love their own stuff,” he commented. “What people own define how they see themselves and how they wish to be seen. When people buy something they buy a lifestyle belief in themselves. When they are assigned something it has the feeling of someone trying to impose a lifestyle upon them and they react, as most of us do, negatively.”

How can the IT department make the idea of COPE more attractive? “Ultimately the selling point has to be that the device is part of the job,” Bernicky responded. “A tablet, phone or laptop is no different from a framing hammer or torque wrench. It is simply a tool, nothing more.”

Another issue the IT department must surmount in order to implement COPE is attitudes towards security. “On the business front the argument with management (and it will be an argument) boils down to the fact that you cannot control everything so you might as well go BYOD,” he remarked. “As IS/IT security philosophies go, that ranks up there with ‘let’s hope for the best.’” IT professionals need to explain what COPE is not. “COPE is not about controlling everything,” Bernicky stated. “It is about taking as many variables into company hands as is possible knowing all the while that something will go wrong.”

“What you hope to achieve with COPE is to have the best support and response possible because the techs are familiar with all the devices and all the operating systems,” Bernicky concluded. “Day to day support for little problems is as important to the end user as data breaches and security are to the company as a whole.”

{module Gone in 60 seconds}

Related posts