Mobile
Commentary
11/19/2012
09:58 AM
Paul Cerrato
Paul Cerrato
Commentary
Connect Directly
Twitter
RSS
E-Mail
50%
50%

BYOD: Is Mobile Device Management The Answer?

With so many doctors bringing their smartphones and tablets to work and patient data breaches reported all the time, IT managers need to make the right choices.

For those healthcare providers that do require native mobile apps for their physicians, several vendors offer MDM platforms to address security threats.

Bob DeLisa, president of Cooperative Systems, a Connecticut-based IT support and consulting firm, offers some advice on choosing a system. He tells clients choosing an MDM tool to base their decision "on the age and scalability of your current infrastructure." DeLisa says to take a look at Meraki, for instance, when doing an infrastructure upgrade and server-based solutions like Good, MobileIron, or BoxTone if they've recently upgraded.

Many hospitals and practices prefer to install a custom-built BYOD solution, but those that want to go with an MDM vendor must weigh a long list of issues. Among the technical issues:

-- Which mobile operating systems do you need to support?

-- Do you plan to host the MDM system on your network?

-- What email system do your clinicians use, and will it be compatible with the MDM tool?

-- Will the MDM software enable you to remain HIPAA-compliant?

-- What are the software's lock and wipe capabilities?

-- Will you use the MDM tool to push out other apps that clinicians insist on using to manage patients?

Most of these questions are outlined in an Avema Critical Wireless Buyer's Guide, which Halamka mentioned in a recent email exchange.

George Brenckle, CIO at UMass Memorial Healthcare in Worchester, Mass., takes a different approach to BYOD. He prefers to focus on managing data rather than managing devices, which is one reason UMass has switched to a virtual desktop approach. With all of its sensitive patient data on hospital servers, there's no risk of breaches from stolen or lost iPads and laptops.

What about commercial MDM products? Brenckle says the challenge is trying to keep one step ahead of the rapidly changing mobile device ecosystem. "So you invest in one of these MDM tools and it's working well, and suddenly a new tablet or smartphone comes on the market that the tool isn't equipped to manage," he says.

BOYD isn't going away -- and why would we want it to? It helps clinicians provide better, speedier patient care and has no doubt saved lives on occasion. Once you find the right IT solution, it will certainly save you some sleepless nights as well.

Clinical, patient engagement, and consumer apps promise to re-energize healthcare. Also in the new, all-digital Mobile Power issue of InformationWeek Healthcare: Comparative effectiveness research taps the IT toolbox to compare treatments to determine which ones are most effective. (Free registration required.)

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
SusuE709
50%
50%
SusuE709,
User Rank: Apprentice
7/6/2013 | 4:33:19 PM
re: BYOD: Is Mobile Device Management The Answer?
is it true existing smart phone applications that accurate?
susu
Demax medical
50%
50%
Demax medical,
User Rank: Apprentice
12/3/2012 | 4:05:52 AM
re: BYOD: Is Mobile Device Management The Answer?
In my view, i think body and mobile devices should stay away from medical records..
AustinIT
50%
50%
AustinIT,
User Rank: Apprentice
11/29/2012 | 4:46:19 PM
re: BYOD: Is Mobile Device Management The Answer?
The industry will never get to your proposed "tested/trusted platform". A totally secure device is a virtual impossibility. With the exception of one that is never used...

SSL and ipSec at their core are secure technologies when implemented correctly. Otherwise, they would not be in such wide use.

The problem is, that hackers can find other ways to compromise a device and eventually take it over. If that happens, then no amount of security technology will help you.

To sum up, mobile devices are now and will continue to be used in our world. We just have to be vigilant in how we provision and use them and know when to raise our hands when things go terribly wrong that we cannot ourselves handle.
jaysimmons
50%
50%
jaysimmons,
User Rank: Apprentice
11/27/2012 | 7:28:30 AM
re: BYOD: Is Mobile Device Management The Answer?
Hello AustinIT,

It seems that even with your safeguards of SSL and IPSec (which both have their flaws and can by hacked/bypassed) and using RDP to access information, you're still at risk simply because of the mobile platform. One good example of this would be phones with NFC which can be infected by a known exploit to Android (as shown at Black Hat hacking conference this year) and other known exploits to various mobile OSes. Sure there's no data on the mobile device, but if you have control of the device then you have access to the remote data while logged in through that device. There's also the very real possibility of stealing the device and gaining temporary access until the access is turned off. For the most part, BYOD and mobile devices should stay away from medical records in my opinion... at least until there is a tested/trusted platform. The risks are too high, and the data is simply too valuable.

Jay Simmons
Information Week Contributor
AustinIT
50%
50%
AustinIT,
User Rank: Apprentice
11/23/2012 | 2:55:20 PM
re: BYOD: Is Mobile Device Management The Answer?
Well, for one thing, you cannot avoid public wireless networks altogether. That would preclude your mobile users from accessing some resources necessary to do their jobs. What you must do then, is to secure everything using VPN connections whether SSL or ipSec.

Our larger clients are mostly in the medical field. So, we run all data critical apps internally on Servers using RDP over VPN connections. No data hits the mobile devices that way. MDM is mostly via Microsoft mangement apps and EAS.

MDM is an area that needs a great deal of work to build a platform that can uniformly and securely manage the plethora of devices out in the field. A vendor that succeeds here, will make a ton of money.
pragatichaplotjain
50%
50%
pragatichaplotjain,
User Rank: Apprentice
11/23/2012 | 6:19:17 AM
re: BYOD: Is Mobile Device Management The Answer?
Absolutely I agree, an IT administrator must have access and control on BYOD devices accessing the corporate network. I also believe BYOD employees must access corporate resources over a secured tunnel and avoid public wireless networks to maintain data integrity.

How are you managing BYOD devices in your org? Which MDM solution do you use? What are the key points you like about your BYOD program?
AustinIT
50%
50%
AustinIT,
User Rank: Apprentice
11/22/2012 | 3:42:39 PM
re: BYOD: Is Mobile Device Management The Answer?
Re-read my comments and you will see that I said nothing about dumping BYOD. My point was "who is really in control here". You cannot control employee's smart phone choice (and by extension other devices). But, you can control whether (or not) they are allowed to connect to your internal network.

It makes zero sense to just let any device access your network without you being in control of it. Now does it?
pragatichaplotjain
50%
50%
pragatichaplotjain,
User Rank: Apprentice
11/22/2012 | 11:05:35 AM
re: BYOD: Is Mobile Device Management The Answer?
BYOD is not a mistake and network security is also very important. But for the sake of the latter one does not need to dump BYOD. It would be an inappropriate call as you really cannot control your employees smartphone use. Instead of staying in the dark, IT must wake up and deploy mobile device management solutions to push some management controls on these mobile devices.

Also, I think its more apt to tell your employee X set of devices are supported and Y are not. This way you listen to them and they will listen to you.
AustinIT
50%
50%
AustinIT,
User Rank: Apprentice
11/21/2012 | 6:45:54 PM
re: BYOD: Is Mobile Device Management The Answer?
BYOD provides a great deal of flexibility in the types of endpoint devices that make their way into the hands of users. However, we seem to be allowing this movement to "wag the dog" so to speak.

It is a huge mistake to allow BYOD to supersede the absolute requirement to protect and secure internal systems and the data they contain. Sometimes an end user will just have to be told... NO, not right now... and accept it.
InformationWeek Elite 100
InformationWeek Elite 100
Our data shows these innovators using digital technology in two key areas: providing better products and cutting costs. Almost half of them expect to introduce a new IT-led product this year, and 46% are using technology to make business processes more efficient.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.