Disclosing are a client and method for maintaining BYOD security. The client comprises: a device and user identity authentication module configured to perform identity authentication on a user according to the authentication method selected, from pre-set authentication methods, by the user using a mobile device when said mobile device attempting to access is determined to be a legitimate device; a mobile device management system configured to provide management operations during the complete life cycle of the mobile device, the management operations comprising: a permanent online push message service.