Strengthening security: Updates on VPN access and using personal devices for work
September 16, 2025 •
UCOP is continuing to strengthen cybersecurity protections across our network. As part of phase 2 of the President’s Cybersecurity Letter effort, we are making two significant changes to help keep UC data safe — expanding security posture checking to the UCOP VPN and updating the Bring Your Own Device (BYOD) Standard.
Bottom line: UCOP-issued devices are set up for secure VPN access, and most people don’t need to take any action.
Expanding security posture checking to the UCOP VPN
The UCOP VPN allows you to securely and safely connect to UCOP systems while working away from the office. Continued posture checking — our automated process that ensures continued compliance with essential cybersecurity controls — helps us to ensure that only secure and verified devices can connect to the VPN.
UCOP already uses posture checking to verify devices that access our most sensitive systems. Beginning Sept. 22, 2025, this process will expand to include all devices that access the general UCOP VPN.
What to expect
- All UCOP-issued devices are set up for VPN access. No additional steps are needed to connect your work computer to the VPN.
- Starting Sept. 22, non-UCOP devices, including personal computers, cellphones and tablets, are not allowed to connect to the VPN unless you have been approved for a BYOD exception. (Read on for more information about this process.)
- When you’re working from the office, you can still connect personal devices, such as cellphones, to the UCOP guest WiFi network. This restriction only applies to the VPN.
Understanding BYOD Standard updates
UCOP laptops and desktops are equipped and continually updated with all needed security tools. This allows you to securely connect to UCOP systems, including the VPN, without any extra steps.
Using a personal device is more complicated because of the security and legal standards that must be met for you to access UCOP systems. New requirements are outlined in the updated BYOD Standard, and include:
- Required UCOP endpoint protection: You must install UCOP’s endpoint security software if you use a personal device for UCOP work.
- Storing UC data requires exceptional approval: You may not store UC data on personal devices or personal storage applications (such as Google Drive). You must have an exception approval and UCOP security software installed.
- Consent to access is required: If you use a personal device for UCOP work, you must grant UCOP access to your device if there’s a legal or security need.
- E-discovery access is required: In certain legal cases, UC may be required to collect UCOP-related information from personal devices. If you use a personal device for UCOP work, you must agree to make your device available for e-discovery.
Requesting personal device access through the BYOD Standard
Working exclusively from a UCOP-issued device is the easiest, most secure method to choose when conducting your work on behalf of the university. Because of the security challenges and requirements outlined above, we discourage using personal devices for work purposes; however, exceptions are available if you believe you must continue using your personal device.
To request a BYOD exception, review the BYOD Standard and complete the BYOD Request Form (available on page 8). You must have approval from your immediate supervisor and division leader.
Need help?
If you have issues with VPN access, contact the Service Desk at (510) 987-0457 or servicedesk@ucop.edu. After-hours Enterprise Shared Services (ESS) support is available from 5 – 10 p.m. (PT) at (510) 987-0363.
Tags: cybersecurity, Duo Mobile, ITS, personal devices, VPN
