Date: 31 Oct 2018 | Category: CommsLock | Author: Graham Penrose
Defining the mobility terms BYOD, CYOD, CLEO, and COPE
The tech industry is full of jargon, buzzwords, TLAs (three-letter acronyms), and quite a few FLAs (four-letter acronyms). Many of them are very fancy terms for pretty mundane stuff. In this brief post we explain a few that actually are meaningful and thankfully non-technical, and which help us to classify the status of an employee's or contractor's mobile device when used in the work environment.
The knowledge of the type and usage pattern of mobile devices in the workplace is critically important in cybersecurity. An audit of mobile device use allows employers to understand the potential risk that the use of these devices introduces to the organisation and take the appropriate steps to mitigate the associated risk.
Defining the mobile device threat landscape assists organisations with developing policies to govern their use. It allows organisations to choose the appropriate centralised risk management and policy driven tools to manage and monitor mobile device use by employees.
These tools may restrict certain actions in certain locations, limit or remove access to internal systems if a compromise is detected on a handset, enforce a password and PIN for access to apps, restrict or ban the use or download of apps, provide panic modes that can instantly wipe sensitive data, and so on. The centralised policy-driven approach can be as granular and as invasive as an organisation is legally allowed to be. The degree to which an organisation can dictate mobile device usage is a function of who actually “owns” the device. There are employee privacy rights issues at play here too, but more on that in a later post.
The organisation can also choose to deploy additional on-handset tools to manage the associated risk – encrypted communications apps for voice and texting, secure video conferencing, secure file transfer, anti-virus tools, adaptive threat defense tools in a rapidly changing malware environment, and virtual private networks, for example.
In the process the organisation may also seek to ensure that employees do not bypass corporate policy or use shadow IT*, which will in many cases represent a potential compromise of enterprise security.
* Shadow IT refers to information technology projects that are managed outside of, and without the knowledge of, the IT department. At one time Shadow IT was limited to unapproved Excel macros and boxes of software employees purchased at office supply stores.
In a post-GDPR EU, for example, the ability of employers to reduce the number of attack vectors available to hackers is central to compliance, and the weakest link in most if not all organisations is mobile devices.
In order to develop a mobility risk profile, the baseline is classifying which category the mobile handsets used by employees fall into. The four main classifications are:
BYOD – Bring Your Own Device is any employee device (smartphone, cellphone, tablet, notebook, or PC) or application (mobile or cloud-based) that accesses corporate networks through the use of telecommunications services. The corporate network includes corporate intranets and carrier services purchased by the corporation, local networks, guest networks or core networks with VoIP services that are controlled by the enterprise.
CYOD – Choose Your Own Device is much the same as BYOD where the employee can choose their device but is limited to devices and applications on an approved device list provided by the organisation.
CLEO – Corporate Liable Employee Owned is where employees own the devices, but the employer is responsible for the service costs.
COPE – Corporate Owned Personally Enabled is the opposite of BYOD, allowing use of company devices for personal activities including social sites, email, and calls, as well as work-related activities. The organisation provides employees with the devices and a suite of approved applications for work purposes. The company maintains ownership and in that way can exercise a greater degree of control.
For more reading, we like “The Ultimate Guide to BYOD in 2018” by Stephen Cooper.