BYOD and COPE – A Project Report

BYOD anhd COPE at Cortado
The Cortado Group settles on a mixed concept of BYOD and COPE

BYOD (Bring Your Own Device) or COPE (Corporate Owned Personally Enabled)? Even in the Cortado Group, the question of the right concept for productive mobile work arose years ago. In Q2 2013, the development of a concept began. Now the time came to review the project and draft an interim summary.

What is more suitable? BYOD or COPE?

But let’s take a look back. One thing was clear – Cortado employees should be able to work while on the go. As the enterprise mobility solution Cortado Server is one of the main products, it was of course important to us that our colleagues also work with the in-house solution. Any possible potential for improvement can be easily discovered along the way and then be incorporated into the product’s future development.

In the end, we decided on a mix of COPE and BYOD, because every employee should be able to use their favorite device if possible, and company devices need to be managed too. The only conditions were that we would allow any device as long as it can be integrated and managed with Cortado Server and it supports all Cortado Server features. So employees currently have a choice between smartphones and tablets running iOS (Version 7 and up) or Android (Version 4.1 and up). Windows Phone or Fairphones with Ubuntu or Symbian cannot be managed with Cortado Server and were omitted.

Together with the human resource and legal departments, a BYOD agreement was drafted for employees. “Some employees thought that they would now have to check their e-mails after work. But no one here expects that,” reports Regina Gerds from the HR department. “Participation in BYOD is of course one hundred percent voluntary. I myself am participating and think the program is great. But no one here is cajoled or forced to take part.”

Legal considerations

The legal department was naturally very apprehensive about concepts that inseparably mix business and personal data. Particular attention was given to the question of data protection, employment and liability aspects. The result is that an employee wishing to participate in the BYOD program must explicitly consent to data monitoring by the employer in accordance with Germany’s telecommunication laws – consent however, which can be revoked at any time. The IT department must also have access to the company data at all times, even when it is saved on an employee’s personal device – unfortunately this is usually accompanied by the IT department also having access to the employee’s personal data.

Employment law requires the employer to work out when an employee is allowed to be contacted by the employer outside of working hours. The employer also must ensure, for example, that it has sufficient licenses available for the operational use of the software saved on the personal device in order to avoid copyright infringements. Tax issues were also raised. Liability-related regulations also had to be drawn up, like who is liable for the loss or damage of the personal device itself as well as the company data stored on it. In addition to the legal aspects, the IT department also had to answer practical questions, such as the open selection of hardware and software and the support for them, and pin them down in the agreement.

Key points of the agreement:

  • For newly purchased devices (including secondhand devices), the company reimburses half of the purchase price as an employee benefit.
  • If an existing device is used, the company assumes half of the net basic fee.
  • A new device can be purchased every two years, with the employer paying half of the purchase price.
  • The company assumes half of the current net basic fee.
  • In return, the employee commits to using Cortado Server.
  • Devices that have been jailbroken are not supported.
  • If the device is lost, the user must inform the company immediately, so the IT department can perform a partial wipe to remove the company data from the device and make it inaccessible to third parties.

Mobile work at Cortado

The start date for the BYOD program came in Q3 2015. About a third of the workforce currently participates in the BYOD program. Also, about 30 additional employees are provided with devices fully supplied and financed by the company.

The employees have access to files in the company through the connection to Cortado Server and can edit and share these files with others. Mobile printing is also an option that is useful for employees.

Of particular importance to most employees is access to their e-mail accounts. The devices are centrally managed via the management console of Cortado Server by the company’s IT department.

The foundation for the user management is the Microsoft Active Directory, which can be linked to Cortado Server. Of course the rights for mobile use can be customized accordingly. VPN and e-mail profiles as well as various apps are rolled out via Cortado Server.

“In the management console, we always have an overview of the devices and software versions in use,” reports Jörg Sitek, IT Director of Cortado Holding AG. “We see which device has which software version and whether it is up to date. If it is outdated, we can alert the user and ask them to update, so that vulnerability gaps in the devices used can be closed as quickly as possible.”

For the distribution and management of licenses, the IT department relies on the VPP (Volume Purchase Program): apps are purchased centrally and assigned to individual users. If an employee leaves the company or withdraws from the BYOD program, the apps can be assigned to a different, new user. In addition, said Jörg Sitek, you are always using the current software versions.

By using geolocation when a device is lost, there is the possibility of retrieving the last location and thus giving you a chance to recover the device. It is also a great way to keep track of devices that are constantly changing location. Cortado Server also supports the Lost Mode; this means that devices are locked when they are reported “lost.”

Not wanted, of course, are jailbroken devices, because they can access dubious app stores, where the apps are not subject to any security checks, and thus the probability of compromised apps is particularly high. The use of manipulated devices is therefore prohibited in the settings.

“The support needed for the BYOD program is minor,” says Jörg Sitek. Now and then a user enters the wrong PIN and needs to be helped by the IT department. “Otherwise, BYOD at our company is a practical and low maintenance story for us.” The setup for the user is minimal, and access to company data is ensured at any time thanks to the simple integration. By using Cortado Server, the users are ready faster to work and the burden on IT is reduced.

If you want to learn more about the topic of BYOD, then watch our webinar BYOD or COPE – Who is doing it better, iOS or Android? or read our white paper BYOD – A Concept with ROI Potential. Or talk to our colleagues at

Comments are closed.