That said, COPE needs an extremely robust policy. A lot of organizations got spoiled with BlackBerry. They could control everything on the device with 400 IT policies. But now with iOS, there's not that level of control. God forbid, you now have to write down the policies, train your employees, and trust them.
You really have to clearly articulate COPE, especially in the separation between personal and corporate and the assurances of privacy. COPE is a new name for something that was naturally occurring — I've always been given free rein with my corporate device for years — but now it's becoming far more prominent.
CIO.com: BYOD continues to face trust and privacy issues. Won't this be even more of a problem with COPE?
Sidhu: There's very few COBO; everyone is using their corporate-owned device for personal activity. And so the issue of privacy is prominent regardless.
AirWatch in particular has implemented a very impressive feature that gives back privacy to the employee. The feature allows them to prohibit the view of private information from the administrative console. You can flick a switch and suddenly become compliant to the privacy. Now you can't see, for example, personal applications.
The containers are going to provide privacy.
Everybody likes to knock BlackBerry, but there's strong recognition that BlackBerry Balance is one of the most powerful containerized solutions in the industry. If you're given a BlackBerry 10 device with Balance, and you use Gmail on it, the organization has no visibility — zero — unless they seize the device. It doesn't go through corporate systems or the BES, doesn't become audited; BlackBerry has a feature called EMM Regulated, which will force everything through the organization, but very few organizations are implementing that.
Where employees often get caught, using a device with a personal browser while on the corporate WiFi network. This can be seen, but the employee thinks they're in the clear. So it has to be clearly articulated in the policy.
There also has to be a sense of realism. A year or two ago when I was helping organizations write their policy, they would want language around allowing the organization to seize personal hardware in case of a legal dispute. But lately I've been telling them, "Listen, if someone is using Outlook Web access from their home computer and they saved an attachment, do you have the right to seize their home computer?"
I've written COPE policies indicating that an employee has a reasonable expectation of privacy on any form of communication on the mobile device that is not corporate.
If you want to gain productivity out of the currently unconnected employees, which are the majority, and you say, "Absolutely, you can sign up for this program," and the policy says the employee has no expectations of privacy or there's a complex password requirement or there's a blacklist of Facebook or Instagram, what kind of adoption will you get?
Adoption is key; it's expensive to put a program in place.
Sign up for Computerworld eNewsletters.