Protecting Shared Devices

Healthcare professionals have been using shared workstations and laptops for decades to boost clinician productivity, streamline workflows and lower costs. So it should come as no surprise that this highly mobile workforce is using shared tablets at the point of care as well. But to actually gain the same benefits, organizations need to provide clinicians with fast and easy access to shared tablets while minimizing the risks that they can pose.



Although there are risks similar to those involving shared workstations and laptops, there are also situations that are more likely to occur or that are exacerbated by the characteristics and capabilities of tablets.  As a result, managing security controls becomes a key component in ensuring the information accessed on a shared tablet is secure.

However, enforcing a unified set of security policies across a diverse set of devices is nearly impossible because of wide disparities in management capabilities. This is the primary reason for deploying an enterprise mobility management (EMM) solution. EMM solutions help organizations manage shared tablets by providing centralized, multivendor device management that results in lower risks and improved cost of ownership.

Here are some key elements that EMM solutions address.

Policy Management  

Many organizations are developing new policies for shared tablets or adapting policies that were originally created to govern the use of shared workstations and laptops. In healthcare, for example, sharing enables easier device management and facilitates the purchasing and licensing of apps. The effectiveness of any policy is dependent on employee awareness, monitoring and enforcement.

A balance is needed between permissive and restrictive policies that are consistent with organizational culture, risk tolerance, compliance requirements and business goals. For example, policies need to establish whether employees are allowed to bring devices home or whether the devices mostly remain on-site. Strict policies also reduce the chances that a device will be lost or stolen. EMM products can enforce configuration policies on tablets, but some of them also provide an encrypted container for segregating business apps and data from personal apps and data on a device. Secure browsing is another approach for segregating access to business websites.

Security Management

A strong security policy for monitoring use of devices is crucial. This includes passcodes, logging in and out, and the loading of data. Tablets are able to leverage the same remote-wipe capabilities that have become a standard control for smartphones that are capable of synchronizing with corporate email systems. Some EMM products offer a more limited or selective wipe capability that affects only those containers that hold business email or data files.

Although remote wipe of a tablet is an important capability to mitigate the risk of a lost or stolen device, it should be complemented with additional controls such as a PIN or password, locally encrypted data store and a standard process for backing up files to an approved backup server, device or service.

It is also important to control user access to data, especially in healthcare, because patient privacy is always a concern. Tablets support device hardware encryption within the OS for locked devices. One common strategy is to place sensitive data into a special folder that can be separately encrypted.

Because tablets are important communication devices, it is essential to use secure protocols for the transmission of information. Browser sessions can be protected by using SSL/Transport Layer Security (TLS) encryption. Email synchronization also may be configured to encrypt messages and content while in transit.

Software Management

EMM solutions can lock down apps that are allowed to run on a tablet. iPads that are not jailbroken can only download apps from the iTunes App Store. However, for other tablets, such as those operating on Android systems, there are several app stores from which users can choose. Each app store has different rules and vetting practices. Minimally, organizations should only authorize the use of app stores that perform scans for malware whenever a new app is registered for distribution. It is not practical to enforce an app store policy unless an EMM agent is already on the device.

The growth of the tablet market cannot be ignored, and shared devices are becoming more popular in several industries, especially healthcare. While this provides major cost savings for organizations that embrace the mobile era, the rapid pace of change in tablets and the increasing likelihood that these devices will be shared can create a moving target for protecting them.

However, organizations are deploying EMM solutions to establish a solid foundation for a tablet management program that adapts to dynamic changes in devices and operating environments. As a result, enforcing a unified set of security policies across a diverse set of devices is no longer impossible in light of the tablet management capabilities that now are available. 
