Singapore – MAS Circular On IT Security Risks Posed By Personal Mobile Devices.

15 October, 2014




The Monetary Authority of Singapore has recently issued Circular No. SRD TR 02/2014 (“Circular”), “IT Security Risks Posed by Personal Mobile Devices” to address the rising practice among financial institutions of enabling their employees to access corporate email, calendars, applications, and data from their personal mobile devices.

The Circular deals with the risks associated with such “Bring Your Own Device” (“BYOD”) practices, in particular, securing, monitoring, and controlling employees’ personal devices. It states that financial institutions should not proceed with the BYOD implementation if they are unable to adequately manage the associated security risks. In addition, regular vulnerability assessment and penetration testing must be carried out on the BYOD infrastructure to ensure that any security gaps are identified and rectified promptly.

The Circular also describes the following two common ways to address BYOD security:


  • Mobile Device Management (“MDM”): MDM solutions are used to manage and control mobile devices used to access business resources. Before a mobile device is permitted to access the corporate network, the device is verified to ensure that its operating system has not been modified to remove manufacturer-imposed restrictions or otherwise compromised. MDM solutions usually come with storage encryption and “lock and wipe” capabilities. MDM solutions could also manage corporate applications, data, policies, and settings within a restricted operating system or “sandbox” environment. A robust MDM solution should be implemented for all BYOD arrangements.


  • Virtualisation: Virtualisation allows employees to have on-demand access to enterprise computing resources and data from their mobile devices using strong authentication and network encryption. Corporate data is not downloaded into the mobile device as it is processed within the corporate data centre. Strict security policies could also be enabled within the virtual environment to restrict copying and use of peripheral devices, such as printers or removable attached storage, to help further prevent data leakage.




For further information, please contact:


Elaine Chan, Partner, WongPartnership



Joy Tan, Partner, WongPartnership


