I've written many times about the Bring Your Own Device movement (BYOD) and the need for increasing security controls.
For years, we've controlled device settings on Blackberry devices with the Blackberry Enterprise Server (BES). We force passwords, encryption, and device memory wipes for ten failed passwords so that every user has enterprise enforced security
With iPhones and Android devices it's harder to control settings and behavior on personal equipment.
We think the best we can do within the limitations of present server-side technology is to enforce the use of passwords on all devices using Active Sync, require a timeout of 10 minutes, and eliminate the use of the most simple passwords (1234, 1111 etc). Microsoft Exchange/Active Sync can query the device for the settings currently in place and only synchronize email if the device adheres to enterprise security policies.
We'll eliminate support for POP and IMAP protocols because these cannot be used to inspect and enforce desirable device settings.
We've debated the use of settings that automatically wipe the device for 10 failed password attempts, as we do with Blackberry. However, given that we cannot selectively purge corporate verses personal data, we'll likely avoid that setting for now.
BYOD management is a journey. Server side tools that inspect personal devices and only allow synchronization of corporate data such as email when settings are consistent with policies seem like a cool solution.
In the future, we may add client software (Mobile Device Management) to each device to provide more control over encryption on Android devices and permit selective memory wiping of corporate data.
I welcome comments on what others have done. BYOD is here to stay. Compliance and IT departments need to collaborate on a set of policies and technologies that will meet the needs of regulatory requirements while maintaining service capabilities and user productivity.
Friday, May 11, 2012
3:00 AM
dssadsds
No comments
Related Posts:
The College Drop OffI have a very hard time giving up roles and responsibilities. Rather than change jobs, I add jobs.In 1996, I oversaw the CareGroup Center for Quality and Value, the data warehousing and analytic operations of a B… Read More
The Standards Summer Camp DeliverablesOn September 28 2011, the HIT Standards Committee (HITSC) will officially deliver to ONC its 6 months of hard work from Standards Summer Camp. HITSC subcommittees and workgroups have met every other day since April to p… Read More
Cool Technology of the WeekI recently received the press release below, which illustrates a cool trend in the healthcare IT industry.eClinicalWorks and other EHR vendors have been piloting standard transport interfaces that are compatible with Nationwi… Read More
Lessons Learned from Steve JobsI recently spoke with several reporters about Steve Jobs' impact on healthcare , thanking him for the past 15 years of innovation. In preparing for those interviews, I reviewed Steve's career milestones,In 1997, Apple … Read More
Decision FatigueWe're all suffering from information overload. More projects with fewer staff on shorter timeframes mean more email, texts, blogs, online meetings, and phone calls. We make more decisions and have more accountabi… Read More
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment