MDM Not The Only Avenue To BYOD Security

November 2, 2011 - 3 Comments

Okay, this may sound like gibberish. But I’m sure that many of you know what I mean. Just to be clear, let me put the title in plain English: Mobile Device Management (MDM) is not the only approach to help secure a Bring Your Own Device (BYOD) environment.

Cisco’s recent Visual Networking Index Forecast predicts that there will be 15 billion network-connected devices by 2015. CIOs and IT engineers everywhere are wrestling with the same question: how do I deal with the flood of devices hitting my network? The challenge is not just about Angry Birds. It’s also about phish, Trojan horses, and other cyber creatures that threaten data privacy and IT controls. To help address this issue, Cisco is joining hands with IDC Research to discuss BYOD-related security issues in a live webcast on November 8, 2011. One of the topics is MDM versus virtualization-based security for BYOD.

Much attention has been focused on the MDM approach, due to its ability to enforce security policies on mobile devices and to protect the data (including remote wipe), among other things. The current Cisco SecureX solutions support this approach. You may find the newly published Cisco Unified Access Design Guide helpful, especially as you look into specific BYOD access issues, such as how you authenticate devices and issue digital certificates to them during the onboarding process.

In the meantime, virtualization provides another promising avenue to BYOD security. By using a virtualized collaboration environment, you can move end-user workloads into the data center. Suddenly the focus shifts from securing tons of BYOD devices and the data they carry to securing a centralized virtual environment, which is more manageable in most cases. I’m impressed with how proven security technologies such as 802.1X can now be implemented in a virtual environment. In addition, the virtualization approach avoids some of the MDM provisioning and management issues.

I know that some of you are probably thinking about the challenges with the virtualization approach. One encouraging aspect is that the latest solution adds much more robustness and security to the original virtual desktop infrastructure (VDI) technology. Let’s join Pat Calhoun (VP & GM, Cisco) and Chris Christiansen (VP, IDC) – speakers of the webcast on Nov 8 – to chat live on these exciting issues.

Click here to register and see you at the webcast!



  1. Hi Cesare and Andy. Indeed, it seems that things come full circle. Virtualization and cloud computing resemble remarkably what mainframe computing was doing. The virtualization approach certainly has its challenges, but it is getting better. Thanks for sharing your thoughts.

  2. Steven, you seem to be saying that VDI technology on mobile devices will make them more secure. That’s probably true, but it’s not far removed from arguing that PCs would be a lot more secure if we just used 3270 terminal applications for everything instead of those pesky local apps.

  3. It seems completely logical to shift the security policies from being location based to identity based. I am amazed that so many enterprises have relied entirely on IP addresses when securing access; this tells nothing about the identity of the person or the application that requests this access. There are companies that are still providing unrestricted access to their network resources when someone is inside the network. This is also known as candy-bar security, hard on the outside (as protected by an external firewall or other security appliance) and soft on the inside, i.e. once you are inside the perimeter there is no protection at all. I hope that SecureX architecture will be a wake-up call to many IT professionals.