Healthcare Buyers Guide: Mobile Device Management

Physicians and other healthcare providers see value in using mobile devices on the job. BYOD is a great opportunity to provide better and more efficient patient care. But mobile devices also present a risk to PHI. How do you enable secure access from mobile devices without hindering doctors on the job? In this guide we walk you through the factors you need to consider to find a mobile device management solution that best fits your needs.
How do you say yes to BYOD and protect PHI?

Mobile device management (MDM) solutions allow IT organizations to centrally manage, monitor and support mobile devices. These devices may include smartphones and tablets from several device manufacturers and OS developers. By using an MDM solution to control and protect the data and configuration settings on physicians' mobile devices, you can reduce the support costs and business risks of bring your own device (BYOD) policies. The right MDM solution means you can say yes to BYOD without increasing the risk of PHI loss or the IT workload.

BYOD risks and rewards

Healthcare organizations and physicians alike are realizing the benefits of BYOD policies. When healthcare providers are allowed to work on their personally owned devices, they simply get more done. The comfort of a device the physician knows and prefers increases productivity both inside and outside the organization, whether working from home or at private practices outside your network and control.

Clinicians want to use their personal smartphones and tablets. BYOD enables more effective and efficient patient care, and they will not tolerate anything less. They don't want to be limited to what the organization provides, or have to learn or carry a second device. As a result, healthcare organizations that promote a BYOD policy attract tech-savvy applicants.

But as with any technology trend, there are issues that stand in the way of the benefits. BYOD brings two key challenges: data protection and management.

Data protection: With protected health information (PHI) flowing to and from devices that can be easily lost or stolen, and across public networks, protecting data becomes a paramount concern. You need to know what data is being accessed and by whom, and control that access to maintain compliance.

Management: IT staff need a way to control the devices used to access healthcare data regardless of who owns them. If physicians are using personal devices, that means managing multiple device platforms and operating systems. This can be a significant drain on IT resources. Managing them individually is not a viable option.
What to look for in an MDM solution provider

You know you need to control and secure mobile devices. But do you know how to choose a provider? The control and security capabilities you'll find in MDM solutions are dictated by what mobile operating system vendors allow. In fact, buyers should be wary of MDM vendors that claim they can circumvent explicit OS limitations. This is probably not true, or it applies only to jailbroken (iOS) or rooted (Android) devices. That being the case, how do you evaluate MDM solution providers? We recommend considering the following factors.

Does the provider have its roots in security?

It is difficult to differentiate MDM solutions based only on feature set. You will find only small differences, and they are largely in how those features are exposed to the administrator. This is because the features are based on the mobile device operating systems. Those are features that the MDM provider doesn't control and that will change in a matter of months with the next OS upgrade. However, MDM solution providers do have some control over the security features they offer. This is a critical differentiator between solution providers. A provider that is not rooted in security is challenged to develop or acquire antimalware capabilities, for example. As you look at MDM solutions, consider the provider's ability to provide robust security now and in the future.

Does the provider have a flexible deployment model?

The clinical environment extends beyond the walls of your organization. Physicians must access PHI from remote clinics, home offices and private practices. The MDM solution needs to be deployable and manageable in those environments as well as your own. The provider should offer a choice of deployment models, including on-premise for larger deployments. While on-premise requires an upfront capital investment (CAPEX) and ongoing operating expenses (OPEX), these deployments are fully integrated into the organization's IT, allowing for more granular control. On-premise deployments typically use an Exchange ActiveSync (EAS) proxy, Active Directory or an LDAP connection, and offer backup options.

While on-premise is the most common delivery model, it's not the only option. Some MDM providers offer their software as a service. Software as a service (SaaS) is great for organizations that need to get up and running quickly. No onsite installation or maintenance is necessary, saving you time to deploy. Because there are no changes to the local IT environment and no hardware investment, you won't incur capital expenses. SaaS has grown in popularity and is an option for any size organization or user group. In fact, MDM in the cloud puts mobile device management within reach of smaller organizations and user groups that require centralized control but don't have the resources to implement and manage an on-premise deployment. Healthcare organizations should look for a solution that offers the scalability they need.
Is the provider's MDM solution compatible with iPhone, iPad, Android, BlackBerry and Windows Mobile?

Not all MDM solutions support every mobile device OS and platform. So it is important to consider the devices you want to support now and in the future. If you choose the wrong solution, you could end up separately managing a set of users or, worse, supporting end users' personal devices by hand. Administrators will have to manually control and protect the PHI and configuration settings on the mobile devices that are not supported by the MDM solution. This lowers your MDM return on investment and introduces risk.

Does the provider use a lightweight MDM approach or a heavyweight container approach?

There are currently three approaches to mobile security and data protection. The lightweight MDM approach secures devices through a combination of security features available in the OS and tools provided by the MDM provider. The heavyweight approach uses a proprietary container app that holds all the data and provides user functionality like email, calendar and document editing. Each approach has its own advantages and disadvantages.

The heavyweight approach provides full control over the capabilities of the app, like encryption, and separation of potential PHI from personal data. But this control comes at a price. It adds a step to the logon process and places restrictions on the usability of the device. It also impacts the device's performance and battery life. Physicians will need training on the user interface, which is different. While selective wipe is easy with this approach, data in other apps is not protected. If PHI ends up in an application outside the container, or if malware is loaded on the user-controlled partition of the phone, you are still vulnerable. And you have no control over the device's other settings. A container approach doesn't mean you don't have to worry about the security of the device. Just as you still worry about the security of your Windows XP/7 system regardless of the medical CRM application you are running, you still have to secure the mobile device.

The lightweight approach keeps the native device experience, which means less user training and better acceptance by healthcare providers. While administrators can control and configure more of the device (such as camera, app store, VPN settings, etc.), those capabilities are dictated by what the mobile OS allows. However, the lightweight approach also allows administrators to manage device inventory, compliance checks and software distribution, all of which are key to a successful BYOD policy.
Does the provider offer 24/7 global support?

Technical support issues can crop up at any time of day. Physicians work around the clock, and so should your MDM vendor's tech support. Look for a vendor that provides 24/7 local-language support, with knowledgeable engineers answering the phone and short wait times (if you have to wait at all). Consider those that have been independently audited and approved under SCP (Service Capability and Performance Support Standard). SCP quantifies the effectiveness of customer service and support based upon a stringent set of performance standards representing best practices in the industry.

Similarly, the vendor you choose should have a follow-the-sun research lab that analyzes the latest malware and distributes updates. Malware writers release new code around the clock. Every hour that new malware goes undetected leaves your physicians at risk. You shouldn't have to wait for standard business hours for protection. A 24-hour research lab focused on identifying and mitigating new malware helps minimize the amount of time users are at risk.

Does the provider offer all-around security for your mobile workforce?

An MDM solution is intended to provide centralized security and management of mobile devices, but it is just one part of an overall mobile security strategy. Mobile devices are not limited to smartphones and tablets. You should also pay attention to other ways in which clinicians take data out of the organization, such as laptops, USB drives or even collaboration solutions such as cloud storage. You are legally responsible for protecting PHI regardless of where it's stored.

Many physicians and staff are looking to use cloud storage solutions like Dropbox and SkyDrive to access data files from multiple devices. That ease of use needs to be balanced with security, because those files need to be automatically protected. Encryption technologies for cloud storage allow you to automatically and invisibly encrypt files that are uploaded to the cloud. An application on mobile devices allows physicians to read the encrypted data without breaking the encryption chain of trust, thus allowing secure data sharing between mobile devices. iOS and Android reader apps need to be provided when encrypting data on cloud storage.

Physical theft is also a concern, for mobile devices as well as desktops. An MDM solution should be able to protect these assets as well. Vendor capabilities will typically include a remote lock (if a device is misplaced) or remote wipe (if you know it is lost or stolen). This needs to be controllable both by IT and by the end user. To prevent PHI loss, you need to be sure that sensitive information is not stored as plain text and that no applications are installed that open up the device to vulnerabilities. You need to encrypt your data everywhere and protect devices from malware.

Today's organizations are wise to consider how a vendor's mobile solutions integrate with these other solutions. Ideally, a single vendor provides an integrated suite of solutions to address all of these needs. This simplifies security administration and lowers total cost. For example, you may use the enterprise app store in your MDM solution to manage apps but also to require physicians to install antivirus software.
MDM capabilities and features

Mobile device management solutions share common capabilities. However, you'll find differences in vendors' methodologies and ease of use. As you evaluate MDM solutions, consider the following capabilities and features.

Keeping PHI safe

The primary objective of an MDM solution is to protect sensitive data, including PHI, on mobile platforms. This is achieved by enforcing compliance with your organization's security policies. Before being granted data access, mobile devices must be registered with the MDM solution. When a registered device connects, the MDM solution checks the device against a set of company rules, such as jailbreak detection, password configuration or inappropriate apps. Devices that comply with your security policies are granted access to data. Risk mitigation techniques limit or deny access to devices that do not comply. For example, users of non-compliant devices may be blocked from all network resources, or receive an email notice and/or have limited data access. The administrator may block ActiveSync, thereby blocking access to email and calendar. Some MDM solutions allow physicians to check their compliance status on the device itself (for an OS offering this capability, as in the case of iOS and Android).

Many mobile devices have built-in security features, like device feature restrictions (blocking the camera) and encryption (in the case of iOS and Android 4). Some lightweight MDM solutions allow you to turn on these features to further protect data. For example, there are scenarios where physicians must photograph patients for evidence. These photographs are PHI and are, therefore, subject to regulatory requirements. Policy controls could be used to limit camera use to, for instance, Android smartphones that have encryption of the SD card enforced.

The ability to remote wipe lost devices is critical and can be found in any MDM solution. It allows the admin to delete PHI by wiping a device that cannot be located and could be in the possession of an unauthorized user. Similarly, look for a solution that allows you to locate and lock devices from the admin web console. This allows you to find a device and prevent its use until it is back in the owner's possession. Ideally, your vendor allows physicians to locate, lock and wipe their own devices via a self-service portal.

It is important, however, to educate users on locking their devices. If users think their phone will be automatically and completely wiped, they will hesitate to report a lost device to IT. The ability to control and unlock a device once it is located is key to user acceptance.
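The compliance-then-mitigation flow described above can be made concrete. The following is an added example written for this guide, not Sophos Mobile Control code or its API: every class, rule name and action name is an assumption, and the device records, the policy and the placeholder app name "FileShareX" are constructed. It evaluates registered devices against a policy (jailbreak/root state, passcode length, storage encryption, blacklisted apps), chooses a graded risk-mitigation action (allow, notify the user, block ActiveSync, or block all network access), gates camera use on encrypted storage as in the patient-photograph scenario, and produces the compliant-versus-non-compliant counts a dashboard would chart.

```python
"""Hypothetical MDM compliance check (added example, not vendor code).
Names, rules and sample devices are assumptions for illustration."""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class Device:
    device_id: str
    platform: str              # "ios" or "android"
    registered: bool           # enrolled with the MDM
    jailbroken: bool           # jailbreak (iOS) / root (Android) detection result
    passcode_length: int       # 0 means no passcode set
    storage_encrypted: bool    # device storage / SD card encryption enforced
    installed_apps: list[str] = field(default_factory=list)


@dataclass(frozen=True)
class Policy:
    min_passcode_length: int = 6
    require_encryption: bool = True
    blacklisted_apps: frozenset[str] = frozenset()


def violations(device: Device, policy: Policy) -> list[str]:
    """Return the names of the rules the device fails; an empty list means compliant."""
    if not device.registered:
        # Unregistered devices are not checked further: no enrolment, no data access.
        return ["not_registered"]
    rules = [
        ("jailbroken", not device.jailbroken),
        ("passcode", device.passcode_length >= policy.min_passcode_length),
        ("encryption", device.storage_encrypted or not policy.require_encryption),
        ("blacklisted_app", not (set(device.installed_apps) & policy.blacklisted_apps)),
    ]
    return [name for name, passed in rules if not passed]


def mitigation(failed: list[str]) -> str:
    """Choose the least disruptive action that still contains the risk."""
    if not failed:
        return "allow"
    if "not_registered" in failed or "jailbroken" in failed:
        return "block_network"        # nothing the device reports can be trusted
    if "encryption" in failed or "blacklisted_app" in failed:
        return "block_activesync"     # PHI in mail and calendar is the immediate exposure
    return "notify_user"              # e.g. weak passcode: warn the owner, then escalate


def camera_permitted(device: Device, policy: Policy) -> bool:
    """Patient photographs are PHI: allow the camera only on a compliant
    device whose storage (including any SD card) is encrypted."""
    return device.storage_encrypted and not violations(device, policy)


def compliance_report(fleet: list[Device], policy: Policy) -> dict[str, str]:
    """device_id -> mitigation action: the per-device view of an admin console."""
    return {d.device_id: mitigation(violations(d, policy)) for d in fleet}


def compliance_summary(fleet: list[Device], policy: Policy) -> dict[str, int]:
    """Counts behind a dashboard chart of compliant vs. non-compliant devices."""
    report = compliance_report(fleet, policy)
    compliant = sum(1 for action in report.values() if action == "allow")
    return {"compliant": compliant, "noncompliant": len(report) - compliant}


# Constructed sample fleet; "FileShareX" is a placeholder app name.
POLICY = Policy(min_passcode_length=6, blacklisted_apps=frozenset({"FileShareX"}))
FLEET = [
    Device("ipad-01", "ios", True, False, 6, True, ["EMR"]),
    Device("droid-02", "android", True, True, 8, True),          # rooted
    Device("droid-03", "android", True, False, 4, True),         # weak passcode
    Device("iphone-04", "ios", True, False, 6, True, ["FileShareX"]),
    Device("droid-05", "android", False, False, 6, False),       # never enrolled
]

if __name__ == "__main__":
    for device_id, action in compliance_report(FLEET, POLICY).items():
        print(f"{device_id:10} {action}")
    print(compliance_summary(FLEET, POLICY))
```

The ordering inside `mitigation` is the design point: a rooted or unenrolled device loses all access because its own compliance report cannot be trusted, whereas a weak passcode on an otherwise compliant device is handled by notification first, which keeps physicians from being locked out of email for a problem they can fix themselves.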
Managing applications

An MDM solution may also enable organizations to manage the applications on mobile devices. By doing so, physicians have the appropriate tools to work smarter with minimal risk to PHI. Mobile Application Management (MAM) is primarily achieved via an enterprise app store that allows you to define the apps that clinicians can or should have installed on their devices. This can include apps that are developed in-house or medical-specific apps such as medical CRM and EMR. Ideally, an MDM solution should support iOS managed apps, which became available with iOS 5. This allows healthcare organizations to push apps to their users and should provide a simple way to install and delete them, including all related data, over the air from the web console. The app store should also allow you to build a blacklist of apps that you do not want physicians to have on their devices. These may be applications that pose a risk to PHI and/or user productivity.

Simplified IT administration

IT is already overburdened with provisioning, maintenance and support responsibilities. BYOD shouldn't increase physician productivity at the cost of IT's. Simplified IT administration is critical, and this is where you will see the most variation when evaluating MDM solutions. There are several ways that MDM solutions can simplify administration.

Over-the-air (OTA) administration and management allows the IT organization to maintain mobile devices anytime, anywhere, so clinicians don't have to visit the help desk. Initial setup and configuration can also be done over the air. You should also be able to automatically assign devices to existing groups from your user directory and apply the respective policies when they are registered via a self-service portal.

Centralized monitoring and control of all registered devices is a hallmark of MDM, but the ease of use and granularity of functions differ from one solution to another. Look for an MDM solution that allows you to manage all supported smartphones and tablets from one console, regardless of the operating system, service provider, network or location of the device. If you are also using BlackBerrys, it makes sense to bring their reporting data into your MDM solution so you have the full inventory overview in one place. You should be able to track and report on all registered devices, and drill down to individual configuration settings, serial numbers, model numbers, hardware details and installed applications.

A dashboard view can quickly show registered devices and whether or not they're compliant with policies. Auditing allows you to easily track changes to devices and compliance status. Graphical reports should provide the most important data at a glance. For example, charts should show the percentage of compliant vs. non-compliant devices, managed vs. non-managed devices, organization-owned vs. physician-owned devices, etc., rather than requiring you to navigate through numerous menus to find the information.

Finally, the administrative interface should be action-oriented and easy to use. Consider how many clicks are required to perform basic functions like decommissioning a device, viewing device OS distribution, and defining the OS versions supported in the app. One or two clicks at most should be all it takes to complete these tasks.
Empower healthcare providers through a self-service portal

A user self-service portal reduces the burden on IT and empowers device owners. Physicians can handle routine tasks themselves, such as registering their own devices and agreeing to an acceptable use policy that you define. Once a device is registered, the MDM solution can automatically assign profiles and policies to users or groups based on their directory group membership, e.g., in Active Directory. This eliminates the need for IT to be involved in any part of the device setup and configuration process.

A self-service portal extends data protection capabilities to clinicians. They can remotely locate, lock or wipe their devices and reset their password without having to contact the help desk. This saves the help desk time, but it also improves the organization's overall security. Device owners are typically the first to know if their device has been lost or stolen. In the time it takes for a physician to realize that they've misplaced a device, decide to call the help desk, and for the help desk to perform the remote wipe, PHI could have fallen into the wrong hands. Giving healthcare providers the ability to locate, lock or wipe a device themselves saves valuable time. It also gives physicians time to find their device after, for example, misplacing it following a late night shift. They can lock the device to protect it until after they've gotten some sleep and can look for it again.

Finally, a user self-service portal keeps physicians informed of their device status, including their compliance state and, for example, why they no longer receive email. This cuts down on doctors contacting the help desk when the device has fallen out of compliance and email access has been blocked.

To be effective, the self-service portal must be efficient and easy to use. Physicians should be able to figure out how to use it within a matter of minutes and without any training. The objective is to minimize the impact on your clinicians. An overtired doctor doesn't need to think about how to use the self-service portal to lock his phone.
Summary

Mobile device management should enable you to manage all the devices on your network. It should also be simple to use. Use these two guidelines to find the right solution. Demo different MDM solutions and gauge for yourself their ease of use. The chart below will help you compare features and capabilities. This will help you find the vendor who can serve your healthcare organization best.

What to look for in an MDM solution provider

Consideration: Deployment options
  o On-premise deployment
  o SaaS

Consideration: Platforms supported
  o iOS: iPhone & iPad
  o Android
  o BlackBerry
  o Windows Mobile

Consideration: MDM approach
  o Lightweight
  o Heavyweight

Consideration: Technical support
  o Available 24/7 global support
  o Technicians speak local language
  o Quality audited

Consideration: Completeness of mobile security portfolio
  o Data encryption solution
  o Mobile malware solution
  o Security for laptops
  o Protection for removable media
  o File encryption for cloud storage
  o DLP
  o Integrated security approach
  o Malware research labs
MDM capabilities and features

Capability: Data protection
  o Checks devices for compliance with your security policies
  o Offers a variety of risk mitigation techniques for non-compliant mobile devices, such as VPN blocking, email blocking, user notification, etc.
  o Self-service portal where clinical staff can determine their compliance status
  o Compliance status is indicated on the mobile device itself
  o Admin can turn on native platform security features
  o Lost devices can be located, locked or wiped from the admin console or a user self-service portal
  o Rooting and jailbreaking prevention

Capability: Managing applications
  o Enterprise app store for both commercial and in-house apps
  o Application whitelisting and blacklisting
  o Over-the-air app deployment and removal

Capability: Simplified IT administration
  o Over-the-air administration and management
  o Centralized management of all devices
  o Dashboard view of compliance status
  o Detailed graphical reports
  o Easy-to-use administrative interface

Capability: User self-service portal
  o Users register their own devices
  o Users can locate, lock and wipe their devices
  o Users can reset their password
  o Users can view compliance status

Sophos Mobile Control: Get a free 20-day trial

United Kingdom Sales: Tel: +44 (0)8447 671131, Email: sales@sophos.com
North American Sales: Toll Free: 1-866-866-2802, Email: nasales@sophos.com
Australia & New Zealand Sales: Tel: +61 2 9409 9100, Email: sales@sophos.com.au

Boston, USA | Oxford, UK

Copyright 2012. Sophos Ltd. All rights reserved. All trademarks are the property of their respective owners. A Sophos Buyers Guide 11.12v1.dNA