Actions

COPE Model (Corporate-Owned, Personally-Enabled Model)

Corporate owned, personally enabled (COPE) is an IT business strategy through which an organization buys and provides computing resources and devices to be used and managed by employees. COPE allows an organization to source and deliver computing devices and services to employees and is how most organizations provide handheld or portable devices/gadgets to their employees. These devices can include but are not limited to laptops/notebooks, smartphones, tablets PCs and/or software services.[1]

The COPE model can facilitate an organization's mobile device management (MDM) and mobile application management (MAM) initiatives and provide the organization with greater power to protect the organization's data both technically and legally. Because the company owns the line of service, it also has the power to select which vendors to work with and which device models (and data plans) will be provided. Both the BYOD and COPE models reflect an ongoing trend towards more fluid boundaries between personal and work-related use of technologies.[2]


Larger enterprises are more likely to employ the COPE model, as it maximizes control over mobility in many ways. Employees are given smartphones that are paid for by the company, meaning the business retains ownership of the devices. There is some flexibility involved as well, as enterprises can still offer employees options. It’s a popular choice for financial institutions and health care providers due to their regulatory needs for compliance and security. COPE offers organizations the most control and authority over all mobile devices which results in lower security concerns than BYOD and CYOD. Repairs and replacements are more standardized and easier to execute. However, your uses may have less freedoms with their devices which may impact productivity. A COPE approach requires that the business take a very proactive, innovative approach for keeping pace with technology which equals forward thinking and vigilance. It is also the slowest to deploy.[3]


The challenge with COPE is contingent on the latitude that enterprises afford employees to load personal applications and data. If the enterprise allows employees to load applications from third-party app stores then there is a significant risk for malware and Trojans to find their way onto corporate devices and create a threat vector for data breaches. With mobile devices becoming a high profile target of choice for cyber criminals, it is important that your COPE mobile strategy comes with policies that ensure a secure mobile enterprise and prevent high risk applications from being installed. Considerations for the implementation of a COPE strategy should include application controls and enterprise application containerization to ensure corporate data is secure. Several MDM solutions provide application containerization which is FIPS (Federal Information Processing Standard) validated and AES (Advanced Encryption Standard) at the application layer. This is an important consideration for both COPE and BYOD mobile device governance strategies because of personal and corporate assets being commingled on the device.[4]


Corporate-owned device policies provide several benefits, such as:

  • The ability to actively manage and control if and when a device can access particular apps, sites, services, networks and solutions.
  • The opportunity to wipe a device of any corporate data when an employee loses his or her device or parts ways with the organization.
  • The chance to incorporate controls on the device that determine how applications, networks and IT systems can be utilized remotely, and whether specific information can be retrieved in certain scenarios.[5]


COPE vs. BYOD[6]
According to Winthrop, COPE offers big cost benefits. Under BYOD, employees buy and expense the devices and services they need, while the employer may reimburse all or a portion of these costs, based on preset policies. But that can leave companies paying retail prices. COPE lets IT departments keep their sweet corporate discounts. With BYOD, Winthrop said, “CFOs see a way to save a couple hundred bucks on CapEx (capital expenditures). They’re missing an opportunity to save far more on OpEx (operational expenditures).” Keeping data where it belongs is the other big problem within BYOD. Worries about misplaced and insecure devices or malware-infected machines keeps the IT folks reaching for the antacid. Not only are employee-owned devices at greater risk, but sometime laws can hamper what a company can do to help itself. In the European Union and South Korea, for instance, laws specifically forbid a company from wiping data from equipment it doesn’t own. So, if a smartphone gets left in the airliner’s seat pocket, any data on that phone is out in the wild. COPE neatly circumvents challenges like this. If the company owns the device, it can yank data back regardless of regulations. And, since they can preconfigure the device before handing it to employee, IT can easily insert security and application-management protocols. “With COPE, it’s all about balance,” Winthrop explained. “When I said ‘loosen my grip,’ I didn’t say ‘let go.'” COPE also eases support issues by deploying the same hardware to every employee. In the BYOD scenario, IT might not even be able to repair all the possible devices, and vendor or third-party support services may not be completely secure. To be fair, there are ways of mitigating the BYOD issues. Many companies that support BYOD maintain lists of approved devices, and let employees choose only from lists of approved devices and engage trusted third-party service and support vendors. Others keep all secure company data and access in a cloud-based virtual desktop or profile, reducing the risk if the device is compromised.


See Also

Mobile Application
Mobile Application Management (MAM)
Mobile Content Management (MCM)
Mobile Device Management
Mobile Information Management (MIM)
Enterprise Mobility
Enterprise Mobility Management
Bring Your Own Device (BYOD)


References

  1. Defining the COPE (corporate-owned, personally-enabled) Model?Techopedia
  2. What is COPE (corporate-owned, personally-enabled)? Techtarget
  3. Explaining COPE (corporate-owned, personally-enabled) Calero
  4. The Challenges of COPE (corporate-owned, personally-enabled) Model? Ovation Wireless
  5. The Benefits of COPE (corporate-owned, personally-enabled) Mobile Business Insights
  6. COPE vs. BYOD Readwrite


Further Reading

  • Making the Case for COPE Blackberry
  • IT Learns to COPE With Mobile Devices cio.com
  • Corporately-Owned, Personally-Enabled: When is COPE the Right Mobility Model for Agencies? Accenture