
Healthcare endpoint device security strategies: Data control

Author: Bill Kleyman   |   Date: February 7, 2013

IT consumerization has created a new type of management challenge for many healthcare organizations. Nurses, doctors and associates are now bringing in their own devices and asking for access into the corporate network. Now, the average user may utilize 3-4 devices to access work-related information. Whether they’re accessing a virtual application from a home PC, or launching a desktop from an iPad in a hotel – the data being transmitted must still be monitored and secured.

This is where the concept of BYOD has created a security conundrum for some healthcare IT departments. How can a security team effectively manage content and data without actually taking ownership of the endpoint? Furthermore, if the organization does own the mobile endpoint, how does it secure the device against theft or data loss? With the influx of cloud computing and mobile device utilization, security companies have stepped up and are now offering very granular BYOD and cloud-ready mobile device control features. Healthcare administrators need to know that there are options out there to help control both corporate and user-based devices.

Mobile data-loss prevention (Mobile DLP) – Data loss is a serious concern for any organization. This holds especially true when HIPAA comes into the conversation. The ability to see the data moving in and out of a mobile device is crucial to maintaining data integrity. Furthermore, being able to encrypt both at rest and in motion is important. Mobile DLP goes beyond just scanning inbound and outbound data. Administrators are able to control content based on type and context. For example, iOS devices can be configured with context-aware policies which control and oversee mobile user actions such as save, print, email, email link and copy/paste.

Device interrogation – Part of the BYOD initiative must have a method to control devices coming in. Device interrogation means setting up policies which comply with your organization’s security mandates. This means that devices may have to pass three out of four interrogation policies before accessing an environment. Or, those same devices can be presented with limited content. Furthermore, healthcare security administrators are able to check if a device has the latest update, is using the latest client, has the proper A/V and even if a device has been rooted.

Cloud-ready device controls – Mobile devices present the very real threat of loss or theft. Moreover, without good controls, those devices can be broken into and have the data disseminated for malicious use. This is where cloud-ready control policies can really help. Administrators are able to do quite a bit even if the device is located remotely. Should the need arise, the device can be located and even remotely wiped. Additionally, administrators can remotely uninstall applications or remove access to certain data points as needed.

Geo-location services – Because of the mobility aspect of a user’s device, security products looking over these endpoints must be agile as well. One of the features within the mobile device management (MDM) tool bag is the ability to set policies based on the location of the device. Effectively, security administrators can set a geo-fence that prevents device access based on the device’s immediate location.
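The device interrogation and geo-fence policies described above can be combined into one access decision. The following sketch is an added example, not code from the article or from any MDM product; the version thresholds, fence coordinates, radius and the deny-outside-the-fence rule are all constructed assumptions.

```python
import math
from dataclasses import dataclass

# Constructed policy values for illustration; not taken from any MDM product.
MIN_OS = (16, 4)                     # assumed minimum patched OS version
MIN_CLIENT = (3, 2, 0)               # assumed minimum access-client version
REQUIRED_PASSES = 3                  # "three out of four" interrogation policies
FENCE_CENTER = (41.8781, -87.6298)   # hypothetical campus location (lat, lon)
FENCE_RADIUS_KM = 2.0                # hypothetical geo-fence radius

@dataclass
class Device:
    os_version: str
    client_version: str
    av_running: bool
    rooted: bool
    lat: float
    lon: float

def parse_version(text):
    """Turn '16.4.1' into (16, 4, 1) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))

def distance_km(a, b):
    """Great-circle (haversine) distance between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def interrogate(dev):
    """Run the four posture checks the article lists; True means passed."""
    return {
        "os_current": parse_version(dev.os_version) >= MIN_OS,
        "client_current": parse_version(dev.client_version) >= MIN_CLIENT,
        "av_present": dev.av_running,
        "not_rooted": not dev.rooted,
    }

def access_decision(dev):
    """Return 'deny', 'limited' or 'full' for a device."""
    if distance_km((dev.lat, dev.lon), FENCE_CENTER) > FENCE_RADIUS_KM:
        return "deny"  # assumption: outside the geo-fence means no access
    passed = sum(interrogate(dev).values())
    return "full" if passed >= REQUIRED_PASSES else "limited"
```

Under a plain three-of-four count, a rooted device that passes the other three checks still receives full access. Whether a single check should be mandatory rather than counted is a policy decision to make explicitly.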

Monitoring and reporting – Managing consumerized devices is never an easy task. Administrators need to have visibility into how these devices are accessing the central data center and what information they are pulling. This is why monitoring and reporting within an MDM solution should never be overlooked. New features allow administrators to report on device details such as location, roaming, telecom expenses, user activity (or inactivity), and any policy violations. Furthermore, these reports can analyze both user-owned and corporate-issued devices. In using a monitoring platform, administrators will also be able to manage inventory and analyze resource utilization of the devices accessing their network.

SDK-ready application security – Many healthcare organizations have custom applications or ones with development access. In some cases, there is the need to create custom code to further secure an application destined for the cloud and a mobile device. As part of the MDM solution, administrators are able to use the app SDK to create additional layers of mobile app security.

As consumer and endpoint technologies continue to evolve in the healthcare industry, there will be a need to utilize agile security solutions. The idea isn’t only to keep the data secure, but also to create a robust environment which does not take away from the end-user experience. Furthermore, MDM solutions can actually help end-users when they need to locate a lost phone or remotely wipe data that is no longer needed.

Security solutions have always been tasked with evolving with the needs of the business – this is why MDM and EDM platforms can be considered a part of the next-generation security movement. Healthcare organizations will try to adapt to the IT consumerization push. Using mobile device management solutions can truly help administrators gain granular control over data flow and the endpoint device while still delivering a powerful end-user computing experience.

Bill Kleyman, MBA, MISM, has heavy experience in network infrastructure management. He has served as a technology consultant and taken part in large virtualization deployments while being involved in business network design and implementation. He is currently the Virtualization Architect at MTM Technologies Inc. and his prior work includes Director of Technology at World Wide Fittings Inc.
