The concept of “Bring Your Own Device” seems so simple. Employees can just tote their personal phone or tablet with them to the office – which they’re probably doing anyway – and use it for work. Or, they access the corporate network remotely, from home or while on-the-go. BYOD and remote access have always seemed like a win-win arrangement – employers pay less hardware costs and employees gain convenience.
Of course, it’s never really been that simple or straightforward. And now, following a ruling by the California Second District Court of Appeal, BYOD looks poised to become even more complicated.
Last month, the court ruled that companies in the state must reimburse employees who use their personal phones for work purposes. Specifically, the ruling covers voice call expenses, and reimbursement is not contingent on an employee’s phone plan – even if the employee has unlimited minutes, for example, the employer must reimburse a “reasonable percentage” of the bill.
The consensus in IT circles is that the ruling muddies the water around BYOD. Now that there’s a legal precedent for voice call reimbursement, mandatory data reimbursement could be the next shoe to drop. And why wouldn’t it? Americans rack up more expenses for mobile data consumption than they do for voice calls. Should the law evolve, and if the California ruling sets a national precedent for other states, many companies may find BYOD no longer saves them that much money.
DataHive Consulting’s Hyoun Park has said that the ruling would be a “deal killer” for many companies, while Forrester Research’s David Johnson told Computerworld that BYOD could now be “sidetracked” for some companies as IT and business leaders scrum over how the ruling affects their own policies.
The ‘Rights’ of Employees
The reimbursement issue is one of many that have been whittling away at BYOD’s appeal to workers. Also high up on that list are security concerns. Employers are worried that many workers who participate in BYOD do not use any additional security features beyond whatever came as the default with the device.
In response, employers have clamped down by adding more security, through supplemental applications and software. This not only undermines the whole concept of BYOD – since the devices are no longer fully the employees’ “own – but there has already been a backlash by employees. Half have said they would stop using a personal mobile device for work if their employer forced them to install security applications. That seems like a very clear line in the sand.
Some have even called for some ground rules to dictate the relationship between workers and employers as it relates to BYOD and remote access. Webroot has gone as far as to call for a “BYOD Bill of Rights.” Among its eight principles, employees’ personal information would remain private, security applications would not denigrate speed or performance of a device, and employees would be able to choose whether to use their personal device for work.
One way for employers to create a secure BYOD environment, without infringing on any of the “rights” employees have defined for themselves, is through a VPN with central management capabilities, also in combination with container solutions like Samsung Knox or Open Peak Secure Workspace.
Network administrators can adopt VPNs to create a secure network tunnel through which devices connect to the corporate network. Central management functionality allows a network administrator to take action as soon as a breach is detected, whether that means revoking network access or deprovisioning a user.
The only way BYOD and remote access will continue to grow is if employers and workers are able to achieve consensus and compromise along the security-convenience spectrum.
Want to learn more about remote access VPN?
In Remote Access VPN For Dummies, we cover:
- The full VPN landscape, including hybrid IPsec/SSL VPN solutions
- The evolution of remote access VPN
- How to provide users with secure remote access
- How to simplify remote access VPN and reduce costs