Rx for mThreats in Today's Healthcare Institutions. Daniel W. Berger, President and CEO, Redspin, Inc. P: 805.576.7158 E: dberger@redspin.com


Rx for mThreats in Today's Healthcare Institutions
Daniel W. Berger, President and CEO, Redspin, Inc.
P: 805.576.7158 E: dberger@redspin.com

Meaningful Healthcare IT Security
Technical Expertise
- Penetration Testing
- Web Application Security
- HIPAA Risk Analysis
- Mobile/Wireless Security
- Security Awareness Training
Healthcare Experience
- Conducted HIPAA Security Risk Analysis at ~100 hospitals in past 18 months
- Soon-to-be published paper: Is PHI Data Security Really Possible in a Mobile World?

The Mobility Explosion: Devices and Connectivity
- As of Q1 2012, 50.4% of all U.S. wireless subscribers had a smartphone (Nielsen)
- Nearly 1/3 of mobile workers use more than 1 mobile device
- # of public Wi-Fi hotspots doubled in 2011
- U.S. tablet users will double this year to ~70 million, about 29% of all internet users (eMarketer)

The Mobility Explosion: Applications and Trends
- Email access via mobile rose 36% in past year (Comscore)
- >500,000 apps in Apple Store, >200,000 in Android Marketplace
- Lots of cloud services
- Word documents, spreadsheets, PowerPoints, embedded cameras, JPG, video, etc.
- Smartphones and Tablets (lightweight O/S) will surpass desktop as primary user interface in enterprise computing by 2015 (Gartner)
- 80% of doctors use mobile devices, primarily smartphones and tablets (Float Mobile)

Social Connectivity: Anyone, Anywhere, Anytime
Source: Frost & Sullivan

Evolutionary Change?
"What were once vices are now habits." - The Doobie Brothers

BYOD: HYPE OR REVOLUTION?
Are your employees armed and dangerous? (They seem like such nice, well-meaning people)

Lots of Vendor Propaganda
Publication (Vendor)
- The Ten Commandments of BYOD (Fiberlink)
- 10 Mobile Security Requirements for the BYOD Enterprise (Accellion)
- BYOD in Healthcare Organizations: Top 6 Risks & How to Avoid Them (IBM)
- Addressing BYOD Security and Compliance through Mobile Risk Management (Fixmo)
- How to Enable Secure Access for BYOD at Work (Dell SonicWall)
- Rogue Mobile Apps: Trends, Threat Review and Remedies for BYOD Challenge (RiskIQ)
- Strong Authentication: Transforming BYOD challenge to BYOD opportunity (VASCO Data Security)

BYOD Became an Olympic Sport

The Risks Are Real
- 37% of U.S. information workers are using BYOD at work before policies are in place (Forrester Research, 1/11)
- 46% increase in development of mobile device malicious software (McAfee, 2/11)
- 80% of CIOs believe BYOD use increases a company's vulnerability to attack (Ovum, 11/10)

The Threats Are Increasing
[Figure: Mobile Operating System Exploits 2006-2011. Source: IBM X-Force Research and Development]

The Curious Case of PHI

The Curious Case of PHI
- It's meant to be portable
- Lots of needs for legitimate access
- Priority is availability, integrity, confidentiality (not CIA)
- Once breached, nearly impossible to cure
- Breaches can have serious medical consequences, even life or death
- A 9% rise in use of smartphones by doctors resulted in a 32% rise in data breach (Manhattan Research, 12/11)

Security Crossroads

Secure Every Device?

Risk Your Career?
"I told our CEO he should fire me if this doesn't work" - Dale Potter, CIO, Ottawa Hospital

Put the Brakes On?
Does Your Policy Allow Employees to Use Personal Mobile Devices for Work?
"some CIOs need to put the brakes on BYOD initiatives until they can get policies and education in place." - State of Mobile Security, InformationWeek, May 2012

The Facts of (Mobile) Life
- Consumer devices are already at work. (Oh yes they are)
- Employees want to be able to use them for both personal use and work. (So ultimately they will)
- The risk is already here. (Like, yesterday)

"We have met the enemy and he is us." - Pogo

BYOD Security Risk Analysis

Typical Network Security Policies

Securing the Data
- User authentication
- Encryption
- VPN Clients
- Secure Email/Text messaging
- Antivirus and Malware
- Sandboxing
- Lost or stolen phone/tablet (remote wipe)
- Mobile Device Management System
  - Config control (including security features)
  - Patch management
  - Control network use based on user privileges
  - Integrate into help desk

The New Paradigm User Centric Collaborative Device Centric Authoritative

Devices Aren't Mobile, Humans Are

Securing the People
Policy
- Who's responsible? Legal? HR? IT? Security?
- Lack of precedent
- Involve users in creating policy
Training
- All users need education on how to utilize a device on the network as part of a BYOD strategy
- Intel found 100% of employees would accept behaviour modification and training in return for freedom to use devices
- IT employees also need training on how to deal with specific scenarios

Final Thoughts
- Resistance is Futile
- Compromise is Inevitable
- Managing Security = Reducing Risk
- People are the New Endpoints

Employee BYOD Use Survey (Free) http://mobile.redspin.com