Mobile
Commentary
11/19/2012
09:58 AM
Paul Cerrato
Paul Cerrato
Commentary
Connect Directly
Twitter
RSS
E-Mail
50%
50%

BYOD: Is Mobile Device Management The Answer?

With so many doctors bringing their smartphones and tablets to work and patient data breaches reported all the time, IT managers need to make the right choices.

IW 500: 10 Healthcare IT Innovators
IW 500: 10 Healthcare IT Innovators
(click image for larger view and for slideshow)
Of all the issues that keep health IT managers awake at night, it's hard to find one more vexing than mobile device management. A recent survey of healthcare providers makes that painfully obvious.

Security and management concerns are top of mind for many these organizations, according to a KLAS report. The study, "Mobile Healthcare Applications: Can Enterprise Vendors Keep Up?", asked 105 respondents, most of whom were C-level managers, about their use of mobile technology in hospitals and found that securing personal devices via MDM software is one of their top concerns.

When the execs were asked what their organizations are looking to do to secure personal devices used at work, data encryption was the number 1 response. MDM was number 2, which, according to Eric Westerlind, the report's author, is telling. Since the use of encryption is already widespread, the high interest in MDM is promising, Westerlind says.

"[Providers] are concerned with making sure tablets are secure, and it's difficult because it's a personal device," he says. "Whatever they install can't be too intrusive, and sometimes that can be an issue with MDM. But when you're dealing with patient information, anything that contains data covered by HIPAA needs to be secured, and those devices need to be able to be wiped clean."

[ How can patient engagement help transform medical care? Check out 5 Healthcare Tools To Boost Patient Involvement. ]

Ken Kleinberg, a health IT consultant with the Advisory Board, told InformationWeek Healthcare that the operating systems of mobile devices have more robust security features than the legacy Windows systems found in hospitals. But he emphasizes that hospitals need strong BYOD security policies, including mobile application management tools. "It's not just that you're going to control the configuration on the device; you're also going to control what application can be loaded on that device," he says.

A hospital's IT organization can give doctors a list of the applications it has vetted, Kleinberg notes. If a doctor wants to use a document reader, for instance, the hospital might suggest one. If he wants to use a dosing calculator, it might suggest three apps and make them available on its application server.

During interviews with several IT pros, it became obvious that when the conversation turns to MDM, one size doesn't fit all. Rather than choose an MDM product, Beth Israel Deaconess Medical Center has for now "settled on enforcing tight security policies through Exchange ActiveSync," says BIDMC CIO John Halamka. "It is highly likely we are capturing most, if not all, BYODs that access BIDMC resources, as email is by far the most frequently used application," Halamka says. "We really do not have other applications that have been customized to run on smartphones and tablets. Our applications are native to the Web, so the ability to install and manage mobile applications is not something we've encountered as a problem yet."

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
SusuE709
50%
50%
SusuE709,
User Rank: Apprentice
7/6/2013 | 4:33:19 PM
re: BYOD: Is Mobile Device Management The Answer?
is it true existing smart phone applications that accurate?
susu
Demax medical
50%
50%
Demax medical,
User Rank: Apprentice
12/3/2012 | 4:05:52 AM
re: BYOD: Is Mobile Device Management The Answer?
In my view, i think body and mobile devices should stay away from medical records..
AustinIT
50%
50%
AustinIT,
User Rank: Apprentice
11/29/2012 | 4:46:19 PM
re: BYOD: Is Mobile Device Management The Answer?
The industry will never get to your proposed "tested/trusted platform". A totally secure device is a virtual impossibility. With the exception of one that is never used...

SSL and ipSec at their core are secure technologies when implemented correctly. Otherwise, they would not be in such wide use.

The problem is, that hackers can find other ways to compromise a device and eventually take it over. If that happens, then no amount of security technology will help you.

To sum up, mobile devices are now and will continue to be used in our world. We just have to be vigilant in how we provision and use them and know when to raise our hands when things go terribly wrong that we cannot ourselves handle.
jaysimmons
50%
50%
jaysimmons,
User Rank: Apprentice
11/27/2012 | 7:28:30 AM
re: BYOD: Is Mobile Device Management The Answer?
Hello AustinIT,

It seems that even with your safeguards of SSL and IPSec (which both have their flaws and can by hacked/bypassed) and using RDP to access information, you're still at risk simply because of the mobile platform. One good example of this would be phones with NFC which can be infected by a known exploit to Android (as shown at Black Hat hacking conference this year) and other known exploits to various mobile OSes. Sure there's no data on the mobile device, but if you have control of the device then you have access to the remote data while logged in through that device. There's also the very real possibility of stealing the device and gaining temporary access until the access is turned off. For the most part, BYOD and mobile devices should stay away from medical records in my opinion... at least until there is a tested/trusted platform. The risks are too high, and the data is simply too valuable.

Jay Simmons
Information Week Contributor
AustinIT
50%
50%
AustinIT,
User Rank: Apprentice
11/23/2012 | 2:55:20 PM
re: BYOD: Is Mobile Device Management The Answer?
Well, for one thing, you cannot avoid public wireless networks altogether. That would preclude your mobile users from accessing some resources necessary to do their jobs. What you must do then, is to secure everything using VPN connections whether SSL or ipSec.

Our larger clients are mostly in the medical field. So, we run all data critical apps internally on Servers using RDP over VPN connections. No data hits the mobile devices that way. MDM is mostly via Microsoft mangement apps and EAS.

MDM is an area that needs a great deal of work to build a platform that can uniformly and securely manage the plethora of devices out in the field. A vendor that succeeds here, will make a ton of money.
pragatichaplotjain
50%
50%
pragatichaplotjain,
User Rank: Apprentice
11/23/2012 | 6:19:17 AM
re: BYOD: Is Mobile Device Management The Answer?
Absolutely I agree, an IT administrator must have access and control on BYOD devices accessing the corporate network. I also believe BYOD employees must access corporate resources over a secured tunnel and avoid public wireless networks to maintain data integrity.

How are you managing BYOD devices in your org? Which MDM solution do you use? What are the key points you like about your BYOD program?
AustinIT
50%
50%
AustinIT,
User Rank: Apprentice
11/22/2012 | 3:42:39 PM
re: BYOD: Is Mobile Device Management The Answer?
Re-read my comments and you will see that I said nothing about dumping BYOD. My point was "who is really in control here". You cannot control employee's smart phone choice (and by extension other devices). But, you can control whether (or not) they are allowed to connect to your internal network.

It makes zero sense to just let any device access your network without you being in control of it. Now does it?
pragatichaplotjain
50%
50%
pragatichaplotjain,
User Rank: Apprentice
11/22/2012 | 11:05:35 AM
re: BYOD: Is Mobile Device Management The Answer?
BYOD is not a mistake and network security is also very important. But for the sake of the latter one does not need to dump BYOD. It would be an inappropriate call as you really cannot control your employees smartphone use. Instead of staying in the dark, IT must wake up and deploy mobile device management solutions to push some management controls on these mobile devices.

Also, I think its more apt to tell your employee X set of devices are supported and Y are not. This way you listen to them and they will listen to you.
AustinIT
50%
50%
AustinIT,
User Rank: Apprentice
11/21/2012 | 6:45:54 PM
re: BYOD: Is Mobile Device Management The Answer?
BYOD provides a great deal of flexibility in the types of endpoint devices that make their way into the hands of users. However, we seem to be allowing this movement to "wag the dog" so to speak.

It is a huge mistake to allow BYOD to supersede the absolute requirement to protect and secure internal systems and the data they contain. Sometimes an end user will just have to be told... NO, not right now... and accept it.
InformationWeek Elite 100
InformationWeek Elite 100
Our data shows these innovators using digital technology in two key areas: providing better products and cutting costs. Almost half of them expect to introduce a new IT-led product this year, and 46% are using technology to make business processes more efficient.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Must Reads Oct. 21, 2014
InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and trends on InformationWeek.com
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.