mobility issue in healthcare
Discussing mobility security issue in Healthcare
Digital Security and Mobility in Health
Michael Aboltins, Technology Manager, Loop Technology
Graham Harvey, Security Engineer, McAfee
Agenda
8:45am Digital Security and Mobility in Health
Michael Aboltins, Loop Technology
9:15am Networking & Light Breakfast
9:30am Technology Demonstration
9:55am Wrap-Up & Questions
10:00am Finish
Loop Technology approach to security
Experience in Health
The consumerisation of IT
‘The need to effectively respond to individual demand for use of consumer technologies and
social interaction’ was highlighted as one of the 3 main predictions for 2011 by Gartner.
“Health organisations will need to expand their use of wireless/mobility solutions to accommodate an evolving high-performance workplace.”
Key Issues for Healthcare Delivery Organisations, 2011, Gartner
2010 IDC Consumerisation of IT in Australia Study, IDC
The wave has hit ….
Use personal device for work
Don't use personal device for work
Consumerisation is well underway: 95% of the workers who responded to a recent IDC Australian survey have used technology they purchased themselves for work.
Mobile Computing in our pockets
Market Drivers
• Work/share/play anywhere
• No longer just a phone
• Social networking driving cloud computing
• New services e.g. GPS & Mapping
• Greater productivity
• Lower capex cost
• Benefits of “BYO computing”
Mobility in Health
Aim: Improving patient care
• Increased patient contact
• Increased access to information
• More informed care decisions
• Improved patient safety
• Patients getting better, sooner
• Improved efficiency
• Reducing administrative overheads
• Greater flexibility – both on and off site
• Making clinicians' lives easier!
Mobile Computing Applications
Medical professional tools
• Websites e.g. PubMed, Medical Journals & drug information
• Patient monitoring & care tools e.g. iSoft Mobile Patient Management, AirStrip Cardiology
• Health tailored apps e.g. radiology tools
• Medical instruments e.g. Ultrasound & Cardio
Mobile Computing Applications
Patient tools
• Diabetes training and information tools
• Drug feedback & reminder tools
• Other monitoring tools
Administration tools
• Timesheet applications
• Leave request & payroll tools
• Medical records and management
• Booking of hospital services
• Outpatient reminders & management
Mobile Computing Risk
• Patient privacy risk through loss/theft of data
• Vulnerable to threats - Malware
• Infection of other devices
Mobile Malware Growth by quarter
The number of new mobile malware in 2010 increased by 46% compared with 2009.
Source: McAfee Threats Report, Q4 2010
Mobile Risk – Risk vs Reward
Risk
Functionality
Mobility – Say Yes!
Mobile Risk
Mobile Threats by Hardware and software platform, 2009 - 2010
Source: McAfee Threats Report, Q4 2010
Mobility strategy
Policy
Information Handling policy
Acceptable Use Policy
• Personal equipment Policy
Access management Policy
• Contractor policy
• Home Computing policy
Technical Controls
Central Management suite
Point products
• Anti-virus
• Backup
• Location aware controls
Data Loss prevention
• DLP clients
• Remote wipe tools
• Encryption tools
Training
User awareness training
Technical Security update training
Product/solution training
Risk reviews
Mobile computing review
Firewall/gateway review
System/mail server security review
Vulnerability scan / Penetration testing
Mobility strategy - Policy
• Information Handling
• Acceptable Use
• Access Management
• Incident Handling
• Mobility/ BYO Policy
• Contractor policy
Technical controls to lower risk
iPhone
• Enforce encrypted email
• Prevent jail-broken phones from connecting
• Able to remote wipe
• Reporting tools
All other platforms
• Above, plus:
• Anti-virus / anti-malware
• New tools as they become available
Reduce risk with EMM
Risk without EMM
Risk with EMM deployed
Point products, AV etc.
Networking Break & Light Breakfast
9:30am Technology Demonstration
Graham Harvey, Security Engineer, McAfee
McAfee Enterprise Mobility Management
Securing Mobile Applications
Empowering Enterprise Mobility
April 11, 2011
• Secure
– Manages native security settings
– Enforces device compliance
– Extends the security infrastructure via ePO
– Integrates with the data center
• Easy
– Simple administration and reporting via ePO
– User self-service provisioning
– Device personalization for user productivity
• Scalable
– Scales to 10s of 1,000s of devices
– Supports HA and DR configurations
[Diagram labels: McAfee EMM; VPN; Enterprise Environment (Database, Files, Directory, Applications, Certificate Services, Messaging); devices (Symbian, Android, webOS, BlackBerry, iPhone, iPad, Win 7 & WinMo)]
The Right Life Cycle for Mobile Device Management
[Diagram: life cycle around ePO, with stages Provisioning, Security & Authentication, Policy Management, Compliance, IT Operations Support, Application Management]
Provisioning
Define security policies, network connectivity, and resources; users self-service provision for automatic device personalization.
Security and Authentication
Enable devices to strongly authenticate against Microsoft CA. Supports two-factor authentication.
Policy Management
Remotely perform helpdesk tasks and push security policies and configuration updates over-the-air.
Compliance
Automatically check devices prior to network access.
IT Operations Support
Visualize and manage devices centrally through McAfee ePO integration.
Enterprise Application Management
Make apps available in a secure, role-based way. Offer apps for download, links to third-party app stores, and web links.
Self-Service Provisioning for iPhone
Easy, Secure, Automated
1 Go to the App Store
2 Enter Your Email Credentials
3 Agree to Corporate Policy
4 IT Services are Auto-Provisioned
optional
Self-Service Provisioning for Android
Easy, Secure, Automated
1 Go to the Marketplace
2 Enter Your Email Credentials
3 Agree to Corporate Policy
4 IT Services are Auto-Provisioned
Industry-Standard Security: Microsoft Certificate Authority
Industry Standard PKI for Strong Authentication
Benefits:
• Industry-standard security
• Strong authentication for secure access to communications services such as Wi-Fi and VPN
• Strong authentication for secure push email and other applications
• Single sign on for enhanced user experience
• No impact on battery life
Enterprise Application Store
• Recommend and make applications securely available based on group, role, or device type.
– Custom corporate applications
– Third-party applications (Apple App Store or Android Marketplace)
– Webclips
• Device application inventory, audit, and policy management
Centralized Visibility and Control with ePO
Compliance reports are based on systems we know about
What we don’t manage is where compliance status is unknown
Bringing all endpoints into compliance status view is critical to assessing risk and prioritizing actions
Security Solutions for Consumerization of IT
Consumerization of IT
Laptops and Desktops
Virtualized Desktops
Mobile Devices
Network Access Control: McAfee NAC Appliance / Network Security Platform
Managed / Un-Managed
McAfee MNAC, McAfee MNAC, Suites, Encryption
McAfee MOVE VDI
Web Applications & DLP: McAfee Firewall / Web Appliance / Network DLP
Security Infrastructure: McAfee ePO, Endpoint, Network, Content, Compliance Portfolio
McAfee EMM and WaveSecure
BYO / IT Issued
SECURE MOBILITY STRATEGY
Questions?