Enterprise information technology (IT) security specialists might have quietly jumped for joy when a California court ruled that companies would have to reimburse employees for the work-related use of personal cell phones. Some observers suggested that the ruling would put the brakes on the bring your own device (BYOD) trend that has upended traditional enterprise network security measures.

But the forces driving the BYOD trend are probably too powerful to be upended by legal complications. In particular, employees themselves are the great drivers of BYOD, choosing to use their personal devices for work tasks, even if a company-provided alternative is available. This means that, one way or another, enterprise IT security will need to take the trend into account.

California Court Hands Down Ruling on Bring Your Own Device

As Tom Kaneshige reports at CIO.in, the California Court of Appeals ruled in mid-August that companies must reimburse employees for the required work use of their personal devices. Ruling in Cochran v. Schwan’s Home Service, the court stated, “We hold that when employees must use their personal cell phones for work-related calls, Labor Code Section 2802 requires the employer to reimburse them.”

The court ruling does have the potential to substantially derail BYOD; because it was made in California, where the tech industry is especially prominent, its impact will surely be extensive. It could also give firms justification for limiting BYOD in order to protect themselves from reimbursement claims.

Yet BYOD has not been driven by firms requiring it of employees in order to save on company-issued mobile devices. Far more often, the pressure for BYOD comes from the employees themselves, who prefer the convenience of using their personal devices.

Rethinking Network Security in the Mobility and Cloud Era

All of this means that the BYOD challenge to enterprise IT security is not likely to go away on its own. Executives and security experts alike will have to come to grips with it.

Moreover, according to Erik van Ommeren, Martin Borrett and Marinus Kuivenhoven in their new e-book, “Staying Ahead in the Cyber Security Game,” the BYOD trend is expanding in the cloud era to become “bring-your-own-IT-capabilities,” or BYO-IT. Employees cannot only log on with their personal devices, but they can use those devices to access enterprise-strength cloud resources, such as complete customer relationship management solutions.

The traditional model of IT security was built primarily around endpoint protection, and endpoint security remains important. However, security must now embrace the entire technology stack; it must be centered on data and context. For each attempt by a user to access data, the system must ask, “Can the user, at this time of day, at this location, through this device, for this purpose have access to this functionality using this specific data?” according to the e-book.

This approach suggests layers of security. Some sorts of data are readily available to users, while other uses of data may be highly restricted. For many enterprises, “choose-your-own-device” (from a menu of allowed options) may be as far as it is now practical to go.

Download the free e-book: Staying Ahead of the Cyber Security Game

More from Endpoint

The Evolution of Antivirus Software to Face Modern Threats

Over the years, endpoint security has evolved from primitive antivirus software to more sophisticated next-generation platforms employing advanced technology and better endpoint detection and response.  Because of the increased threat that modern cyberattacks pose, experts are exploring more elegant ways of keeping data safe from threats.Signature-Based Antivirus SoftwareSignature-based detection is the use of footprints to identify malware. All programs, applications, software and files have a digital footprint. Buried within their code, these digital footprints or signatures are unique to the respective…

Contain Breaches and Gain Visibility With Microsegmentation

Organizations must grapple with challenges from various market forces. Digital transformation, cloud adoption, hybrid work environments and geopolitical and economic challenges all have a part to play. These forces have especially manifested in more significant security threats to expanding IT attack surfaces. Breach containment is essential, and zero trust security principles can be applied to curtail attacks across IT environments, minimizing business disruption proactively. Microsegmentation has emerged as a viable solution through its continuous visualization of workload and device communications…

Self-Checkout This Discord C2

This post was made possible through the contributions of James Kainth, Joseph Lozowski, and Philip Pedersen. In November 2022, during an incident investigation involving a self-checkout point-of-sale (POS) system in Europe, IBM Security X-Force identified a novel technique employed by an attacker to introduce a command and control (C2) channel built upon Discord channel messages. Discord is a chat, voice, and video service enabling users to join and create communities associated with their interests. While Discord and its related software…

3 Reasons to Make EDR Part of Your Incident Response Plan

As threat actors grow in number, the frequency of attacks witnessed globally will continue to rise exponentially. The numerous cases headlining the news today demonstrate that no organization is immune from the risks of a breach. What is an Incident Response Plan? Incident response (IR) refers to an organization’s approach, processes and technologies to detect and respond to cyber breaches. An IR plan specifies how cyberattacks should be identified, contained and remediated. It enables organizations to act quickly and effectively…