BYOD 2.0: New models and technologies expand the options for secure employee choice
Recognizing that employees often work best when they’re allowed to choose their own tools, BYOD policies let people use their own devices, whether occasionally, primarily or exclusively, for work. As mobility and consumerization continue to transform IT, CYOD and COPE have emerged as alternatives that combine freedom of choice with increased control for IT. COPE can also be implemented side-by-side with CYOD or BYOD as a hybrid strategy to empower mobility in the right way for different users and groups. For example, COPE provides a way to ensure choice and mobility for employees who might not be able or willing to use their own personal devices at work, or who might otherwise be unsuitable for a BYOD or CYOD option.
The reality is that many people are already bringing their own devices to work, whether sanctioned or not. Without a coherent, comprehensive strategy for BYOD, CYOD or COPE, encompassing both policy and technology, an organization can face significant risks, from security and compliance gaps to escalating IT complexity.
From a technology perspective, the most obvious question—especially where BYOD and CYOD are concerned—is how people will be able to access enterprise applications and corporate data and files on their personal devices. Simply installing apps directly on the device would raise serious security, privacy and compliance risks, license management issues and support complications, as well as restricting employee choice to Windows-based devices—and leaving other consumer devices out of the picture. For BYOD and CYOD as well as COPE, IT must also prevent the corporate apps and data on the device from being exposed to risk through the personal content it may also contain, such as when someone uses a personal, consumer-grade file sharing service to store and sync corporate data, or when a virus introduced through a personal game exposes corporate data stored on a device.
For this reason, any BYOD, CYOD or COPE program must include technologies to enable completely device-independent computing through enterprise mobility management (EMM), Windows desktop and app virtualization, and secure file sharing, supplemented by online collaboration and remote support services. With this approach, IT can provide optimal freedom for people while maintaining security and control. People gain single-click secure access to all of their Windows, web, SaaS and mobile apps through a unified app store on any device, over any network, with single sign-on and seamless session roaming across locations, networks and devices. IT gains a single point of control to provision and de-provision apps of all types quickly, whether to provide new resources or to cut off access when it is no longer needed or appropriate. In most scenarios, business information remains secure in the datacenter; in cases where it has to reside on the endpoint, it is protected through containerization, encryption and remote wipe mechanisms. An EMM solution that provides mobile application management (MAM) and mobile content management (MCM) capabilities in addition to mobile device management (MDM) allows IT to take a granular, app-by-app approach to security instead of, or in addition to, device-level controls.
In this way, IT can simplify management and reduce costs while empowering people to work easily, securely and seamlessly across any type of device, regardless of who owns the device. By leveraging the ability to granularly manage data and application information, sensitive data can be protected while freeing IT from the need to manage someone’s personal device. IT gains identity-based provisioning and control of apps, data and devices, automatic account de-provisioning for terminated users and selective wipe of lost devices.
BYOD, CYOD and COPE policies can vary significantly from organization to organization depending on your priorities and concerns, and should be designed in consultation with HR, finance, legal and IT security teams. In general, the main differences between BYOD, CYOD and COPE deal with costs. BYOD users pay for their own devices and data plans, sometimes with a partial or full stipend provided by the company. For COPE and CYOD, the company pays directly for the device and data usage. A BYOD policy may also need to address considerations beyond the scope of COPE and CYOD, such as the question of whether employees should be paid overtime for checking email after hours or on weekends.
The following section presents guidelines and best practices for BYOD, CYOD and COPE policy development, as well as their implementation through Citrix solutions including Citrix Endpoint Management, Citrix Virtual Apps, Citrix Receiver, Citrix Gateway, Citrix Content Collaboration and Podio.