James Tay, CEO at Logicalis Asia, considers the options when it comes to managing the data security risks associated with BYOD. Should it be the traditional Network Access Control (NAC) approach, the belt and braces of Mobile Device Management or the less invasive Mobile Application Management?

1. Bring your own device (BYOD) is here to stay, but what about the
risks?
James Tay, CEO at Logicalis Asia, considers the options when it comes to managing the data security risks
associated with BYOD. Should it be the traditional Network Access Control (NAC) approach, the belt and braces
of Mobile Device Management or the less invasive Mobile Application Management?
Today, nine out of 10 people worldwide own a mobile phone - that ubiquity, along with the rise of smart devices,
has led more and more organisations to allow employees to use their own mobile devices in the work place. As
has been explored in previous posts, the rise of ‘Bring Your Own Device’ (BYOD) opens up opportunities and
threats in almost equal measure.
On the plus side are reduced capital costs and the chance to drive innovation throughout the organisation – but
on the downside are the risks to data security and the complexity that comes with supporting a wide range of
devices. My conversations with customers and colleagues confirm that these are the issues that are exercising
the minds of CXOs considering opening the door to BYOD – data security more than most.
So what are the options when it comes to managing and mitigating data security risks?
Extend and adapt traditional control systems?
Traditionally, networking vendors have employed NAC hardware devices to manage access to corporate
infrastructure. The emergence of BYOD has prompted many of these vendors to expand NAC device
functionality to provide further profiling and context-aware intelligence – gathering information from the device,
the infrastructure and network services before granting or denying access to network services.
Although context awareness provides granularity, all restrictions are facilitated by network equipment like
switches and routers. In some ways I see this approach as something of a workaround, with potential downsides
including a less than slick user experience and knock on effects for productivity. It can work, but it’s not ideal.
Use Mobile Device Management to lock BYOD down?
A second option is to deploy Mobile Device Management, or MDM, which is a software service that monitors,
manages and supports mobile devices deployed across mobile operators, service providers and enterprises.
It’s not a new technology. In fact, it’s been around for years, but MDM is a workable solution. It overcomes the
challenges of providing end-user convenience while achieving the required enterprise security – in essence it
ensures that a line is drawn between mobile work and play.
MDM solutions deliver high levels of data encryption, compliance checking and security breach detection. This
type of service even protects the enterprise if a device is lost or stolen – data stored on the phone is encrypted
and can be remotely erased if necessary.
At the same time, MDM provides cloud options with self-service portals so that users can access a quick and
hassle-free service. Up to a point, this supports employee satisfaction and helps organisations to attract and
retain talent – on top of the wider organisational and cost benefits of BYOD.
Visit Logicalis’ blog www.cxounplugged.com 1

2. There is no doubt that MDM simplifies the deployment and management of BYOD infrastructure, but it’s also
pretty clear that it is not a perfect solution – that is not so much about its efficacy, but about its likely popularity
amongst employees.
Go for a hybrid MDM and MAM solution?
The issue with MDM as a one-stop BYOD security solution is this – many feel MDM is somewhat invasive and
just don’t like the idea that corporate IT is able to access private data.
The point is, in a BYOD environment, you can’t dismiss those concerns. In fact, I think those perceptions could
seriously undermine user confidence in BYOD – aggressively controlling the entire device, allowing camera
disabling, denying access to App Store, as well as locking or erasing data from compromised devices risks
making BYOD feel more like ‘buy your own device’ than ‘bring your own device’. It’s hard to see why many
employees would be keen to sign up to that kind of arrangement.
In my view, that need to balance user satisfaction with the needs of enterprise security, is the main reason Mobile
Application Management (MAM) has increasingly been added to the BYOD mix. MAM enables IT departments to
control the corporate applications and content deployed to an employee’s device without encroaching upon the
employees’ private data – and that is a really important distinction.
In fact, MAM is increasingly becoming a preferred approach. But it is worth remembering that MAM and MDM are
complementary technologies, since MAM focuses on the software while MDM leverages the hardware. Indeed,
MDM vendors are increasingly defining themselves as MobileIT, essentially a combination of MAM and MDM –
and this is, at the very least, a solution worth considering.
The right balance
The key for CXOs seeking to enable a BYOD culture is to find a solution that balances flexibility with control. Any
solution which goes too far in limiting or controlling the use of devices bought and paid for by employees
themselves is likely to be resented, or even rejected altogether – rendering BYOD dead in the water.
On the other hand, realising the potential cost and resource efficiency, innovation and employee satisfaction that
BYOD can underpin should never come at the expense of data security.
In my opinion, solutions to these challenges are still evolving and, of course, the right choice will depend on the
nature of the business – so it is worth exploring all the options in detail.
However, given the need to balance flexibility with control, it is not a great surprise to see the tide turning in
favour of MDM/MAM or MobileIT – and it is certainly the best, most flexible option available at the moment.
Visit Logicalis’ blog www.cxounplugged.com 2

3. About James Tay
James Tay, Chief Executive Officer, Logicalis Asia
James Tay is the Chief Executive Officer of Logicalis Asia. Prior to Logicalis’ acquisition of the NetStar Group in
January 2010, James had held the same position in NetStar. During his 8 years of services with (NetStar, then)
Logicalis, he has transformed the Company from a product-focused organisation to one that is centred on
Managed Services.
An ICT industry veteran, James was President of Sales at EDS PLM in Asia Pacific prior to joining NetStar.
During his 16-year tenure at EDS, James held other senior management positions at various levels. He was the
Managing Director for Asia, and was directly involved in setting up the EDS offices in China, Indonesia, Malaysia,
Singapore, Taiwan and Thailand, as well as establishing distributor networks in Korea and the Philippines.
James received his Master’s degree in Engineering Business Management from the University of Warwick, U.K.
Visit Logicalis’ blog www.cxounplugged.com 3