Make the Most of Native Device Security

BlackBerry devices are popular within healthcare in part due to their robust native security and management. But other smartphones are catching up quickly. Today, every major mobile operating system (OS) incorporates native device security capabilities that can implement many—but not all—essential mobile security best practices.

Research in Motion’s BlackBerry devices run a proprietary OS that enables secure management via BlackBerry Enterprise Server (BES). Each user is bound to a policy, which is pushed to the device upon activation. BES makes it easy to centrally deploy applications and policies such as mandating passwords, wiping data from long-unused devices, and enabling content protection. An option to unlock BlackBerry devices with wearable smart card readers can also be attractive to healthcare professionals. However, the BlackBerry PlayBook tablet cannot yet be managed or secured this way. Instead, the PlayBook serves as an extended user interface to data on a paired BlackBerry.

A descendant of Microsoft Windows Mobile and WinCE, Windows Phone 7 runs on devices manufactured by Motorola, Samsung, and others. The healthcare industry has long used WinCE on purpose-built medical devices, but physicians who carry Windows Phone 7 will have an entirely different experience. Windows Phone 7 policies can be configured via Microsoft Exchange ActiveSync (EAS), including password or smart card access control, SD card encryption, and remote wipe. These policies can be managed by an Exchange Server or System Center Mobile Device Manager (MDM). However, although Windows Mobile 6.5 supports hardware encryption, Windows Phone 7 does not.

Apple iOS4 runs on iPhone, iPad, and iPod touch devices. Although early iPhones offered no central management and lightweight security, iOS4 includes a native management API, which enables third-party MDM control over an extensive set of profiles. Native security settings that can be enforced for the iPhone 3GS+ include passcode complexity/timeout, remote lock/find/wipe, and hardware encryption. Alternatively, EAS can be used to enforce a few basic attributes. Apple tightly controls application access to the OS and device features, inhibiting both malware and anti-malware.

Google’s Android 2.3 (Gingerbread) OS runs on devices manufactured by HTC, Samsung, and others. Like early iPhones, Android 2.3 devices support lightweight security policies, including EAS-enforceable passwords and remote lock/wipe. Android 3.x (Honeycomb) runs on just a few tablets today, where it can also enforce hardware encryption. Third parties have filled some Android security gaps—for example, storing data in encrypted containers—but healthcare organizations should clearly exercise caution on Android.


Fill the Gaps with 3rd-Party Apps

To ensure that mobile security best practices address higher-risk scenarios, healthcare organizations can augment native capabilities with third-party defenses. This may be done for many reasons, including back-filling essential gaps, implementing more granular policies, increasing automation, or improving visibility and reporting.

For example, third-party biometric or proximity-based authentication can strengthen access control while facilitating frequent hands-free device use. Even when native encryption is available, but especially where it is not, applications with their own authenticated, encrypted data containers can make it easier to reliably track and erase regulated data. Furthermore, although smartphones are always-connected devices, they lack basic notebook network defenses such as personal firewalls, anti-spam and anti-malware. Third-party security agents can add these while adjusting to OS and hardware differences. Given limited battery life and storage, consider applying some defenses in the cloud instead.


Don’t Overlook the Role of Management

Finally, management is a critical enabler for mobile security. As mobile populations grow more diverse, maintaining dedicated management systems and policies per mobile OS becomes inefficient. Instead, consider multi-platform MDMs that can deliver IT visibility and enforce policy compliance for an entire mobile workforce, from iOS4 and Android to Windows Phone and BlackBerry. For example, a multi-platform MDM can establish one central repository for compliance reporting, generating weekly reports that detail when every enrolled device last checked in and whether it was (still) encrypted. This consolidation can facilitate efficient reporting in regulated industries like healthcare.

As we’ve seen, smartphones and tablets offer native capabilities that can implement many essential mobile security best practices, thereby managing risks associated with mobile devices in healthcare environments. Employee-owned consumer devices do make security and management more challenging. Some users and tasks will continue to require IT-issued and managed devices. However, healthcare organizations have much to gain by finding new ways to safely expand mobility, without placing regulated data at risk.
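The weekly compliance report described under the management heading, as an added Python illustration rather than anything from the article or a particular MDM product: it parses a constructed export of check-in records (the CSV layout, the platform labels and the seven-day staleness threshold are assumptions) and rolls up, per platform, which enrolled devices have not checked in and which are not encrypted.

```python
from collections import namedtuple
from datetime import datetime, timedelta, timezone

STALE_AFTER = timedelta(days=7)  # assumed: no check-in for a week counts as stale
# fields: id, assumed platform label, UTC time of last MDM check-in, reported encryption state
DeviceRecord = namedtuple("DeviceRecord", "device_id platform last_checkin encrypted")

def parse_export(lines):
    """Parse a constructed CSV-style MDM export: id,platform,ISO-8601 check-in,0|1."""
    records = []
    for line in (l.strip() for l in lines):
        if not line or line.startswith("#"):
            continue
        dev_id, platform, stamp, enc = (f.strip() for f in line.split(","))
        when = datetime.fromisoformat(stamp).astimezone(timezone.utc)
        records.append(DeviceRecord(dev_id, platform, when, enc == "1"))
    return records

def assess(records, now):
    """Map device_id -> list of failures; an empty list means compliant."""
    findings = {}
    for r in records:
        reasons = []
        if now - r.last_checkin > STALE_AFTER:
            reasons.append("stale check-in")
        if not r.encrypted:
            reasons.append("not encrypted")
        findings[r.device_id] = reasons
    return findings

def weekly_report(records, now):
    """Roll the per-device findings up per platform for one fleet-wide report."""
    findings = assess(records, now)
    summary = {}
    for r in records:
        row = summary.setdefault(r.platform, {"total": 0, "stale": 0, "unencrypted": 0})
        row["total"] += 1
        row["stale"] += int("stale check-in" in findings[r.device_id])
        row["unencrypted"] += int("not encrypted" in findings[r.device_id])
    return summary, findings

# Constructed sample export (not real devices); the report is run at REPORT_TIME.
SAMPLE_EXPORT = """
ios-001,iOS,2011-06-05T14:00:00+00:00,1
and-002,Android,2011-06-04T09:30:00+00:00,0
bb-003,BlackBerry,2011-05-20T08:00:00+00:00,1
wp-004,WindowsPhone,2011-06-06T07:15:00+00:00,0
"""
REPORT_TIME = datetime(2011, 6, 6, 12, 0, tzinfo=timezone.utc)
```

Calling `weekly_report(parse_export(SAMPLE_EXPORT.splitlines()), REPORT_TIME)` yields the per-platform counts plus the per-device reasons an auditor would want listed beside them.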


CONNECTION


VOLUME 2 • ISSUE 1

