COPE stands for corporate-owned, personally enabled, and it’s a way for organizations to empower a mobile workforce and (hopefully) avoid some of the problems of “bring your own device,” or BYOD. Many IT departments dislike BYOD, and many end-users see BYOD as a corporate opportunity to make employees pay for the hardware they use for work.
COPE offers an alternative to organizations that want to take advantage of mobile technology for their workforce.
Critics of BYOD may be skeptical of COPE as well.
The acronym COPE, attributed to Enterprise Mobility Forum founder Philippe Winthrop, is a concept where organizations provide employees with mobile devices and allow them to use those devices as if they were personally owned. With COPE, the organization technically owns the devices, is responsible for monthly usage costs, and selects product vendors and data plans on behalf of employees. COPE is another acknowledgement of the blurring of boundaries between work and personal technology use. But whereas the central question for IT departments with regard to BYOD is:
“How is data secured on a device we don’t own?” the question with COPE is “How can we relax our hold on devices to safely allow employees to use them for personal matters?”
Advantages of COPE
Perhaps the biggest advantage of COPE is legal. With COPE the employer has clear authorization to pull data from a device if it’s misused. With a COPE device, the employee has much less expectation of privacy than she does with a personal device. Therefore, with COPE, searching a device for intellectual property theft, for example, is more straightforward legally.
COPE also allows organizations to take advantage of corporate discounts, which can be sizable. Whereas with BYOD, companies may save money on capital expenditures, they can save more on operational expenditures with COPE. Plus COPE gives organizations more control over carrier, mobile device management, and device preference.
When a BYO device is lost or stolen, organizations may be limited in their legal options when it comes to clawing back the data accessible on it. In the EU and Korea, for example, companies are forbidden from wiping data from devices they don’t own. Yikes! Plus, with COPE devices, an organization can preconfigure the device before handing it over to the employee, installing security and application management configurations.
Disadvantages of COPE
Access to personal data on COPE devices may be limited, and if you put mimes in charge of it, it takes forever to act out the typical person’s Friend list.
The biggest danger with COPE is the false sense of security it can foster. Sure, employees may not have the expectation of privacy they would with their own device, but they do use COPE devices for personal business. So, should companies go snooping into password-protected personal accounts (like social media accounts), they could get into legal trouble. This is a legal area that is largely unexplored, so just how much privacy an employee can reasonably expect with a COPE device isn’t clear yet.
Another disadvantage is that country-specific legal peculiarities may make COPE overly complicated with a workforce that does a lot of international business travel. Again, it’s new legal territory and there are many unknowns.
User behavior is still a risk with COPE. Regardless of who owns the device and data, users may still inadvertently download an app with malware, or otherwise allow data to be compromised. Some companies cope by having an “enterprise app store” with allowed apps, but that won’t stop some from installing what they want.
COPE Best Practices
Philippe Winthrop suggests a few best practices for companies considering a COPE strategy:
• Provide a shortlist of approved devices. He suggests half a dozen devices will “have 80% of the market covered.”
• Develop and implement a strong mobility policy, and enforce it consistently.
• Work with carriers to negotiate the best terms for rate plans, voice, data, SMS, etc.
Naturally, IT departments need to have the budget and the tools to be able to cope with the extra tasks expected of them that go along with a COPE policy, including possible expansion of the IT service desk to cope with the proliferation of devices.
BYOD places burdens on IT that can cause it to be more trouble than it’s worth, due to the seemingly infinite number of platforms employees use. COPE looks at mobility from the opposite side, in that rather than making corporate apps work on personal devices, it allows personal use of company devices. For companies that haven’t yet embraced mobility beyond the Blackberry, COPE can be an easier transition than BYOD, but it has to be part of an overall mobility plan that serves greater efficiency and productivity while protecting company assets.
Whether your company embraces BYOD, COPE, or neither, you can’t get away from the need for leading IT service desk and IT asset management software. Samanage is a leading provider of IT service management software that’s flexible, scalable, powerful, and ready to take on the challenges mobility brings to the workplace.
About Matt Shanklin
Read more articles by Matt