Enterprise information technology (IT) security specialists might have quietly jumped for joy when a California court ruled that companies would have to reimburse employees for the work-related use of personal cell phones. Some observers suggested that the ruling would put the brakes on the bring your own device (BYOD) trend that has upended traditional enterprise network security measures.
But the forces driving the BYOD trend are probably too powerful to be upended by legal complications. In particular, employees themselves are the great drivers of BYOD, choosing to use their personal devices for work tasks, even if a company-provided alternative is available. This means that, one way or another, enterprise IT security will need to take the trend into account.
California Court Hands Down Ruling on Bring Your Own Device
As Tom Kaneshige reports at CIO.in, the California Court of Appeals ruled in mid-August that companies must reimburse employees for the required work use of their personal devices. Ruling in Cochran v. Schwan’s Home Service, the court stated, “We hold that when employees must use their personal cell phones for work-related calls, Labor Code Section 2802 requires the employer to reimburse them.”
The court ruling does have the potential to substantially derail BYOD; because it was made in California, where the tech industry is especially prominent, its impact will surely be extensive. It could also give firms justification for limiting BYOD in order to protect themselves from reimbursement claims.
Yet BYOD has not been driven by firms requiring it of employees in order to save on company-issued mobile devices. Far more often, the pressure for BYOD comes from the employees themselves, who prefer the convenience of using their personal devices.
Rethinking Network Security in the Mobility and Cloud Era
All of this means that the BYOD challenge to enterprise IT security is not likely to go away on its own. Executives and security experts alike will have to come to grips with it.
Moreover, according to Erik van Ommeren, Martin Borrett and Marinus Kuivenhoven in their new e-book, “Staying Ahead in the Cyber Security Game,” the BYOD trend is expanding in the cloud era to become “bring-your-own-IT-capabilities,” or BYO-IT. Employees cannot only log on with their personal devices, but they can use those devices to access enterprise-strength cloud resources, such as complete customer relationship management solutions.
The traditional model of IT security was built primarily around endpoint protection, and endpoint security remains important. However, security must now embrace the entire technology stack; it must be centered on data and context. For each attempt by a user to access data, the system must ask, “Can the user, at this time of day, at this location, through this device, for this purpose have access to this functionality using this specific data?” according to the e-book.
This approach suggests layers of security. Some sorts of data are readily available to users, while other uses of data may be highly restricted. For many enterprises, “choose-your-own-device” (from a menu of allowed options) may be as far as it is now practical to go.