VUMC requires security software for personal devices used for work

Vanderbilt University Medical Center has selected VMware Workspace ONE to provide mobile device management for staff who use their personal smartphones and tablets to conduct VUMC business.

To maintain access to VUMC email from their personal devices, employees are being required to enroll in Workspace ONE for mobile device management by Feb. 1, 2020.

The requirement is part of VUMC’s bring your own device (BYOD) policy as the healthcare organization attempts to balance security and convenience while addressing the inherent risks from the proliferation of personal devices used for work.

“Security, compliance concerns, privacy issues and data loss are all risk factors when using VUMC resources from unsecured, personal devices,” according to VUMC’s Enterprise Cybersecurity office. “Additional measures of protection like MDM can be used to make VUMC resources available securely from any device, anywhere.”

Workspace ONE, which is currently available for download from VUMC Enterprise Cybersecurity, encrypts the mobile device, installs a VUMC email configuration and requires a passcode to access the device. The solution is meant to give VUMC’s staff flexibility and device choice and at the same time a way of securing organizational data.

VUMC-CROP.jpg
Vanderbilt Medical Center Campus photos, summer 2014 ( Daniel Dubois / Vanderbilt University)

“We have a responsibility to ensure that all devices accessing our data are secure in all circumstances,” says Andrew Hutchinson, VUMC’s chief information security officer. “Enrolling in Workspace ONE ensures that mobile devices are safe for VUMC data in the same way our workstations are.”

When it comes to employee privacy, Hutchinson emphasizes that Workspace ONE does not track the location of the users of the software nor does it collect user data.

In response to cybercriminals launching email scams in order to steal employee login credentials, VUMC last year implemented multi-factor authentication for online access to sensitive account information on its human resources system. HR-held data, such as employees’ bank account information (for automatic deposit of paychecks) and Social Security numbers, are often the target of these attacks.

For reprint and licensing requests for this article, click here.