In 2012, security conversations about mobile workers tended to focus around four letters: B-Y-O-D. The bring-your-own-device trend was hot. Workers wanted to use their own smartphones and tablets, and enterprises wanted to give them the flexibility to stay connected from anywhere, at any time. Employee satisfaction, collaboration and productivity were high, but so was risk, since few businesses knew how to adequately protect their sensitive information in the age of BYOD.
Today, many companies are trying to answer their BYOD security concerns with four new letters: C-O-P-E. In an attempt to regain some control without stifling mobility, organizations are adopting corporately owned, personally enabled device policies. The smartphone or tablet belongs to the employer, and the employee chooses how to use it.
Is COPE any more secure than BYOD?
Understandably, enterprise IT wants to know whether today’s approach beats yesterday’s. CIOs can yell “C-O-P-E!” or “B-Y-O-D!” at each other all day long, but neither side comes out on top, since the initial question is misguided. Is COPE any more secure than BYOD? Not unless businesses look at the most important security factor in the mobile workforce: F-I-L-E.
Whether employees use their own iPads to collaborate over intellectual property or they use their employer’s BlackBerry to do it, the security risk remains the same unless the company is protecting data at the file level. That’s because regardless of who owns the device, the user can still download, forward, print or share data. The user can still share his mobile device, or lose it, or have it stolen. And the user can still upload data to insecure, commercial-grade file-sharing services in the cloud. Whether a company relies on BYOD or COPE, its employees can still open the door to file leaks – either accidentally or on purpose – unless the enterprise wraps security directly around individual files.
Most IT professionals know that regardless of which corporate policy they adopt, the mobile and cloud data risk persists. The only way to adequately address that risk is to ensure that any file that is shared, synced or sent carries the same level of security and usability no matter where it travels in the course of business. The company must retain the ability to revoke or limit file access in order to protect sensitive information.
The question of whether to embrace BYOD or COPE is a legitimate one. There are cost and human resource implications to both approaches that enterprises must consider. However, when it comes to security concerns, the relevant question isn’t whether employees should own the devices or enterprises should own them. Instead, companies need to ask whether their files are protected regardless of how they are accessed and where they are shared.