Securing access to mobile device during covid times? Things one should know – BYOD, COPE ….
Vinayak Joshi
Sr. Architect/Customer Success Manager | Mobile App Ecosystem | Digital Transformation and Digital Experience Specialist | Solution Consulting, Management, Technology and Security
As the well-known quote says:
“When you reach the end of what you should know, you will be at the beginning of what you should sense.â€
― Kahlil Gibrán, Sand and Foam
The end of 2019 brought in the start of an era where most of the data information creators or consumers are pushed to go out of the secure boundaries of enterprise security and into highly vulnerable end users network environment.
This is a dangerous situation, though inevitable, for enterprise security teams!
Countries like India and some of asian countries where exposing enterprise data outside is still a taboo, it is a big game changer. With more users going inwards to work from home, more digital payments, more phishing attacks on mobile devices, more data breaches.... I mean the list grows....
No problem... ! All the state of the art EMMs/MDMs, the Mobile Threat Defence (MTD) solutions are to the rescue. Not only they help protect and mitigate high exposure risks... they have also made sure that the seamless operational experience is not hampered in any way.
The biggest pain point of any CIO in adopting any information system are:
- What SW to use? How efficient it is compared to other solutions? How flexible it is in seamlessly integrate with other existing systems?
- Return on investment
- Scalability
- Ease of procurement, deployment and configurability etc.
Luckily these light weight, highly adaptable mobility solutions, advanced MTD solutions provide the best options for enterprises and CXOs on the above pain points.The information technology industry has leveraged these in the best possible way and configured them in a way they can customise it for their benefit.
You may see host of Enterprise Mobility Management (EMM) solutions provide variety of deployment methods to suite the data protection and compliance enforcement through:
- Bring Your Own Device (BYOD)
- Company Owned Business Only (COBO)
- Corporate Owned Personally Enabled (COPE)
- Company Owned Single Use (COSU)
- iOS Device Enrolment Program /Apple Business Manager User Enrolment
In brief what these means is detailed explained here:
Bring Your Own Device (BYOD)
Here the users personal mobile device can be enabled to access and transact the enterprise data. It is obvious that this approach doesn’t manage the entire device or private user data. Therefore, consistent separation of private and business data is the basic requirement for this concept. Every convenience brings with it some caveats, so as BYOD – user privacy concerns, peripheral hardening controls etc.
Company Owned Business Only (COBO)
Here the device remains in a fully managed by corporate mobility team and EMM. This mode is meant for business use, so will have mainly corporate owned applications. One cannot install the TikTok’s, personal apps etc here. Under a COBO policy, companies supply workers with a device to use and restrict this hardware for business use only. Employees often weren’t given a choice for what device they would have.
The CXOs, Directors and higher privileged users of corporate ladder will normally get to use them.
Corporate Owned Personally Enabled (COPE)
When the enterprise extends corporations extend the company phone to mid-management and other employees than the higher management, it is called Company Owned Personally Enabled (COPE).It is an intermediate deployment mode between BYOD and COBO. BYOD enables accesses on user owned phone, so a mobility team cannot enforce stricter rules, cannot collect many information about the phone. COBO is fully company owned and managed, so there is nothing interesting there other than pure business only apps.
COPE devices are the interesting space where in company owned hardware is managed through corporate EMM, at the same time the phone user can use it for personal purpose as well. It is a middle ground and preferred approach for covid kind of situation.
Employees experience the same benefits of BYOD, while eliminating the concern over how sensitive data will be protected. Workers can still post, tweet and play games through the devices as well as use them for work purposes. They are be able to choose from certain services and apps that are approved by the IT department. This approach is much more effective in preventing workers from leveraging programs that could compromise devices and line-of-business resources.
Company Owned Single Use (COSU)
This is highly restrictive way of deployment. This is also used as kiosk mode of deployment. Here a single or only a few restrictive set of applications can be deployed on a mobile device and not much of a scope exists for the end users to install and use device for any other purpose. The mobile devices used in fashion kiosks at airport, coffee shops are some of the places where you might see such mode of deployment.
iOS Device Enrolment Program /Apple Business Manager User Enrolment
As each operating system or device vendor brings in their own facility and features which define their unique selling points, apple brings in its own set of flavoring to the mode of app deployment. Device Enrolment Program(DEP) is a unique deployment mode, which allows administrators to pre-provision iOS, iPadOS, and macOS devices to automatically self-enroll into Systems Manager before even touching them, and provides an additional level of management control through bulk device supervision. This greatly simplifies adding and deploying iOS, iPadOS, macOS, and tvOS devices with Automatic Device Enrollment into EMMs.
Google Android and Apple iOS are pioneering the herald of a new era of enterprise mobility management through Android enterprise and ABM UE. With the evolution of EMMs (Microsoft Intune/Endpoint Manager, MobileIron core/cloud, Blackberry UEM, VMWare Workspace One/AirWatch, Citrix XenMobile …) + ever evolving cutting edge MTD solutions… The future looks exciting… Future looks secure…
References:
- https://docs.microsoft.com/en-us/mem/intune/protect/mobile-threat-defense
- https://www.faronics.com/news/blog/byod-vs-cobo-vs-cope-vs-cyod-whats-difference-right-organization
- https://documentation.meraki.com/SM/Device_Enrollment/Apple_Device_Enrollment_Program_(DEP)
- https://9to5mdm.com/2018/04/mobileiron-core-9-7-supports-android-oreo-cope-activation/
- https://emm.how/t/using-samsung-knox-enrollment-and-mobileiron-trying-to-get-to-a-cope-solution/731
- https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/1909/Android_Platform/GUID-AWT-COPE-ENROLLMENT-OVERVIEW.html
·