SlideShare ist ein Scribd-Unternehmen logo

Roadmap to Healthcare HIPAA Compliance and Mobile Security for BYOD

Sierraware
Sierraware

Simplifying BYOD deployments while satisfying HIPAA and other healthcare regulations. Virtual Mobile Infrastructure with strong biometric authentication and 4096-bit encryption. Android-based VDI for mobile security.

Technologie
1 von 29
Downloaden Sie, um offline zu lesen
Your Roadmap to Healthcare Security and BYOD
Healthcare Security Checklist Protect PHI  Mitigate BYOD risks  Apply dual factor authentication  Encrypt PHI data Develop repeatable processes for compliance Implement procedures and technologies
Healthcare Security Risks 96% of healthcare providers had one or more data breaches in the past 2 years1 1 Dell Secureworks 2 2014 Healthcare Breach Report. Data Loss 68% of healthcare breaches are due to lost or stolen mobile devices or files2 Impact of BYOD
BYOD: A Reality for Healthcare Providers  Healthcare IT is already rolling out mobile apps to improve productivity and patient care – 2 out of 5 doctors already use mobile devices during consultations1  Yet mobility also presents a threat… – 3.1M smartphones were stolen in the U.S. in 20131 Source: Dell SecureWorks
Top Mobile Risks for Healthcare Lost mobile devices Stolen mobile devices Downloading of viruses and malware Unintentional disclosure to unauthorized users Unsecure Wi-fi networks Source: HealthIT.gov, Mobile Devices: Know the Risks
5 Pillars of Healthcare Security Technical safeguards defined by the U.S. Department of Health & Human Services Access Control Audit Control Transmission Security Integrity Person or Entity Authentication 1.Access Control: Limit users rights to business need-to-know – Unique User Identification – Emergency Access Procedure – Automatic Logoff – Encryption and Decryption
Access Control Audit Control 2. Audit Control: Implement hardware, software, or procedural mechanisms that record and examine access to ePHI 5 Pillars of Healthcare Security Technical safeguards defined by the U.S. Department of Health & Human Services Transmission Security Integrity Person or Entity Authentication
5 Pillars of Healthcare Security Technical safeguards defined by the U.S. Department of Health & Human Services Access Control Audit Control Transmission Security Integrity Person or Entity Authentication 3. Integrity: Implement policies and procedures to protect ePHI from improper alteration or destruction
5 Pillars of Healthcare Security Technical safeguards defined by the U.S. Department of Health & Human Services Access Control Audit Control Transmission Security Integrity Person or Entity Authentication 4. Person or Entity Authentication: Verify that users seeking access to ePHI are who they say they are – Biometric, smartcard, pin/passcode, token
5 Pillars of Healthcare Security Technical safeguards defined by the U.S. Department of Health & Human Services Access Control Audit Control Transmission Security Integrity Person or Entity Authentication 5. Transmission Security: Prevent unauthorized access to ePHI that is being transmitted over a network. – Integrity: Prevent modification or tampering of ePHI data in transit – Encryption: Encrypt ePHI whenever appropriate
BYOD Challenges the 5 Pillars of Security Transmission Security Person or Entity Authentication Audit ControlAccess Control Integrity Difficult to audit mobile activity since doctors may share PHI with patients via email or text messaging apps Every app may have different authentication methods; they may not support biometric or PIN/passcode methods Mobile apps may not use stringent SSL ciphers or even encrypt data at all IT must define distinct policies for different users, mobile apps and devices—a management nightmare Controls must be applied to prevent accidental deletion or alteration of PHI from mobile devices
Risks of Uncontrolled Devices Weak Encryption No support for strong authentication Unpatched application Stores PHI on phone No auditing of user access Unpatched phone OS In violation of HIPAA compliance requirements
IT Management and Training  IT will likely need to help doctors install mobile apps – They may also need to assist users through upgrades  If apps vary by device, IT will need to provide separate app training for Apple, Android, Microsoft or HTML5 users
Mobile Device Management Not Working 20% of enterprise BYOD programs will fail due to MDM measures that are too restrictive.1 1 2014 MDM research report by ESG 2 2014 Employee BYOD Survey by Zixcorp 3 Gartner 2014 Mobility Predictions; original quote spelled out BYOD and MDM. For IT TeamsFor Employees 43% worry that employers could access personal data2 30% are concerned their employer could control their personal device2 30% say MDM is more difficult to use than they anticipated1
VDI Isn’t the Solution for BYOD Expensive VDI Shortcomings – Not designed for touch – No multimedia redirection – No access to camera, printer, video, GPS Total cost for Microsoft VDI, Citrix, and hardware is $1,000+ per user1 Not designed for cellular edge, 3G networks 1 Microsoft Desktop OS $187 per user, Citrix $300/user Requires High Bandwidth Designed for Windows
Virtual Mobile Infrastructure The Roadmap for Healthcare Security Requires…
Virtual Mobile Infrastructure (VMI) VMI is a service that hosts mobile apps or full operating systems on remote servers Provide remote access to:  Android, Apple iOS and Windows Phone with client apps  Any HTML 5-enabled device Centralize app management to:  Eliminate need to install and upgrade apps on every device
VMI Benefits for Healthcare Providers Stop data loss by preventing users from downloading data to their device Lower IT costs by eliminating mobile app management per device Extend mobile access to all users and devices with a HTML5 browser Meet compliance by monitoring data access
SierraVMI Keeps PHI Data Safe SierraVMI Shields Healthcare Data 4096-bit ECDHE Encryption Dual factor authentication SierraVMI: • Records healthcare app access • Stores app data securely in the data center • IT can centrally upgrade mobile apps Medical professional
SierraVMI Deployment SierraVMI hosted in Secure Data Center Authentication Server Laptop Tablet Phone Databases with PHI data
Mobile App Virtualization Architecture Android VM Kernel Multi-User Android Runtime VMI Security Gateway Pharma App Patient Messaging App PHI App Clients Authentication Server Benefits  Very high density  Apps can share resources like CPU  Easy to manage  No need for expensive storage Firefall containerFirefall containerFirefall container
Monitor User and Application Activity  Dashboard of system status  Detailed logs of user activity  Geo-tracking
User Monitoring  Record user sessions for forensics  Allow admins to view up to 8 active sessions
Prevent Data Loss  Watermarking deters users from photographing screens – Watermark all content including documents, video, pictures with no additional overhead  Anti-screen capture prevents users from taking screenshots  With VMI, no data is downloaded to the phone – Users cannot copy and paste text
Strong Authentication Prevent unauthorized access with: – Client certificates – One-time password (sent via text message) – Restricting access based on geographic location – Brute force login protection Ensure only legitimate users access your data
Single Sign-on to Streamline Management  Integrate with LDAP, Active Directory or SAML  Access email, calendar, contacts, and business apps without needing to re- authenticate  Automate app provisioning  Reduce IT helpdesk calls due to forgotten passwords  Improve user experience by eliminating extra login steps IT Cost ReductionDirectory Services Integration
 Centralized data storage  Prevent data loss from device theft  Centralized patch management  Eliminate concerns of devices with vulnerable or unpatched software  Regularly scan Android server for viruses and vulnerabilities Simplify and Secure Mobile App Management
SierraVMI Benefits for Healthcare Compliance: Ensure privacy and prevent data loss Security: Strong authentication, 4096-bit encryption Scalability: High user density, high performance
www.sierraware.com Click now to view SierraVMI

Empfohlen

Information Asset Management...Comply for less!!
Information Asset Management...Comply for less!!Information Asset Management...Comply for less!!
Information Asset Management...Comply for less!!
Geoff Broome
 
5 questions about the IoT (Internet of Things)
5 questions about the IoT (Internet of Things) 5 questions about the IoT (Internet of Things)
5 questions about the IoT (Internet of Things)
Deloitte United States
 
HCI Models of System
HCI Models of SystemHCI Models of System
HCI Models of System
Tania Sahito
 
Human computer interaction -Design and software process
Human computer interaction -Design and software processHuman computer interaction -Design and software process
Human computer interaction -Design and software process
N.Jagadish Kumar
 
Sensor based interaction
Sensor based interaction Sensor based interaction
Sensor based interaction
Mirza Israr
 
Implementing IOT - A Road Map
Implementing IOT - A Road MapImplementing IOT - A Road Map
Implementing IOT - A Road Map
Bryan K. O'Rourke
 
Digital Transformation and IOT
Digital Transformation and IOTDigital Transformation and IOT
Digital Transformation and IOT
Matthew W. Bowers
 
CH02-COA9e.pptx
CH02-COA9e.pptxCH02-COA9e.pptx
CH02-COA9e.pptx
ValSilverio1
 

Empfohlen

Information Asset Management...Comply for less!!
Information Asset Management...Comply for less!!Information Asset Management...Comply for less!!
Information Asset Management...Comply for less!!
Geoff Broome
 
5 questions about the IoT (Internet of Things)
5 questions about the IoT (Internet of Things) 5 questions about the IoT (Internet of Things)
5 questions about the IoT (Internet of Things)
Deloitte United States
 
HCI Models of System
HCI Models of SystemHCI Models of System
HCI Models of System
Tania Sahito
 
Human computer interaction -Design and software process
Human computer interaction -Design and software processHuman computer interaction -Design and software process
Human computer interaction -Design and software process
N.Jagadish Kumar
 
Sensor based interaction
Sensor based interaction Sensor based interaction
Sensor based interaction
Mirza Israr
 
Implementing IOT - A Road Map
Implementing IOT - A Road MapImplementing IOT - A Road Map
Implementing IOT - A Road Map
Bryan K. O'Rourke
 
Digital Transformation and IOT
Digital Transformation and IOTDigital Transformation and IOT
Digital Transformation and IOT
Matthew W. Bowers
 
CH02-COA9e.pptx
CH02-COA9e.pptxCH02-COA9e.pptx
CH02-COA9e.pptx
ValSilverio1
 
Cloud Computing & Cybersecurity in Industry 4.0
Cloud Computing & Cybersecurity in Industry 4.0Cloud Computing & Cybersecurity in Industry 4.0
Cloud Computing & Cybersecurity in Industry 4.0
PT Datacomm Diangraha
 
ITIL
ITIL ITIL
ITIL
Aída M. Gómez
 
Introduction to IoT Architectures and Protocols
Introduction to IoT Architectures and ProtocolsIntroduction to IoT Architectures and Protocols
Introduction to IoT Architectures and Protocols
Abdullah Alfadhly
 
Documentation Framework for IT Service Delivery
Documentation Framework for IT Service DeliveryDocumentation Framework for IT Service Delivery
Documentation Framework for IT Service Delivery
Simon Denton
 
The Unicorn Project and The Five Ideals (older: see notes for newer version)
The Unicorn Project and The Five Ideals (older: see notes for newer version)The Unicorn Project and The Five Ideals (older: see notes for newer version)
The Unicorn Project and The Five Ideals (older: see notes for newer version)
Gene Kim
 
Sklm webinar
Sklm webinarSklm webinar
Sklm webinar
Luigi Perrone
 
Biometrics Based Authentication AKASH
Biometrics Based Authentication AKASHBiometrics Based Authentication AKASH
Biometrics Based Authentication AKASH
Akash Deep Maurya
 
Industrial IoT Security Standards & Frameworks
Industrial IoT Security Standards & FrameworksIndustrial IoT Security Standards & Frameworks
Industrial IoT Security Standards & Frameworks
Priyanka Aash
 
Simple Internet Of Things (IoT) PPT 2020
Simple Internet Of Things (IoT) PPT 2020 Simple Internet Of Things (IoT) PPT 2020
Simple Internet Of Things (IoT) PPT 2020
Multisoft Virtual Academy
 
Cisco cybersecurity essentials chapter -5
Cisco cybersecurity essentials chapter -5Cisco cybersecurity essentials chapter -5
Cisco cybersecurity essentials chapter -5
Mukesh Chinta
 
Cisco Cybersecurity Essentials Chapter- 7
Cisco Cybersecurity Essentials Chapter- 7Cisco Cybersecurity Essentials Chapter- 7
Cisco Cybersecurity Essentials Chapter- 7
Mukesh Chinta
 
Hci In The Software Process
Hci In The Software ProcessHci In The Software Process
Hci In The Software Process
ahmad bassiouny
 
Build and Information Security Strategy
Build and Information Security StrategyBuild and Information Security Strategy
Build and Information Security Strategy
Info-Tech Research Group
 
Introduction to the Internet of Things
Introduction to the Internet of ThingsIntroduction to the Internet of Things
Introduction to the Internet of Things
Alexandru Radovici
 
HCI 3e - Ch 2: The computer
HCI 3e - Ch 2: The computerHCI 3e - Ch 2: The computer
HCI 3e - Ch 2: The computer
Alan Dix
 
HCI 3e - Ch 17: Models of the system
HCI 3e - Ch 17: Models of the systemHCI 3e - Ch 17: Models of the system
HCI 3e - Ch 17: Models of the system
Alan Dix
 
IoT Technology Tutorial | IoT Technology Stack | IoT Project Hands-On | Edureka
IoT Technology Tutorial | IoT Technology Stack | IoT Project Hands-On | EdurekaIoT Technology Tutorial | IoT Technology Stack | IoT Project Hands-On | Edureka
IoT Technology Tutorial | IoT Technology Stack | IoT Project Hands-On | Edureka
Edureka!
 
CISSP-Certified.pptx
CISSP-Certified.pptxCISSP-Certified.pptx
CISSP-Certified.pptx
ssuser645549
 
The Open Group - ZT Commandments and Reference Model.pptx
The Open Group - ZT Commandments and Reference Model.pptxThe Open Group - ZT Commandments and Reference Model.pptx
The Open Group - ZT Commandments and Reference Model.pptx
Mark Simos
 
IoT advatage and disadvantage
IoT advatage and disadvantageIoT advatage and disadvantage
IoT advatage and disadvantage
Rubel Biswas
 
SierraVMI Virtual Mobile Infrastructure (VMI). Android-based VDI.
SierraVMI Virtual Mobile Infrastructure (VMI). Android-based VDI.SierraVMI Virtual Mobile Infrastructure (VMI). Android-based VDI.
SierraVMI Virtual Mobile Infrastructure (VMI). Android-based VDI.
Sierraware
 
Mobile Security for Banking and Finance
Mobile Security for Banking and FinanceMobile Security for Banking and Finance
Mobile Security for Banking and Finance
Sierraware
 

Weitere ähnliche Inhalte

Was ist angesagt?

The Unicorn Project and The Five Ideals (older: see notes for newer version)
The Unicorn Project and The Five Ideals (older: see notes for newer version)The Unicorn Project and The Five Ideals (older: see notes for newer version)
The Unicorn Project and The Five Ideals (older: see notes for newer version)
Gene Kim
 
Biometrics Based Authentication AKASH
Biometrics Based Authentication AKASHBiometrics Based Authentication AKASH
Biometrics Based Authentication AKASH
Akash Deep Maurya
 
Simple Internet Of Things (IoT) PPT 2020
Simple Internet Of Things (IoT) PPT 2020 Simple Internet Of Things (IoT) PPT 2020
Simple Internet Of Things (IoT) PPT 2020
Multisoft Virtual Academy
 
Build and Information Security Strategy
Build and Information Security StrategyBuild and Information Security Strategy
Build and Information Security Strategy
Info-Tech Research Group
 
The Open Group - ZT Commandments and Reference Model.pptx
The Open Group - ZT Commandments and Reference Model.pptxThe Open Group - ZT Commandments and Reference Model.pptx
The Open Group - ZT Commandments and Reference Model.pptx
Mark Simos
 

Was ist angesagt? (20)

Cloud Computing & Cybersecurity in Industry 4.0
Cloud Computing & Cybersecurity in Industry 4.0Cloud Computing & Cybersecurity in Industry 4.0
Cloud Computing & Cybersecurity in Industry 4.0
 
ITIL
ITIL ITIL
ITIL
 
Introduction to IoT Architectures and Protocols
Introduction to IoT Architectures and ProtocolsIntroduction to IoT Architectures and Protocols
Introduction to IoT Architectures and Protocols
 
Documentation Framework for IT Service Delivery
Documentation Framework for IT Service DeliveryDocumentation Framework for IT Service Delivery
Documentation Framework for IT Service Delivery
 
The Unicorn Project and The Five Ideals (older: see notes for newer version)
The Unicorn Project and The Five Ideals (older: see notes for newer version)The Unicorn Project and The Five Ideals (older: see notes for newer version)
The Unicorn Project and The Five Ideals (older: see notes for newer version)
 
Sklm webinar
Sklm webinarSklm webinar
Sklm webinar
 
Biometrics Based Authentication AKASH
Biometrics Based Authentication AKASHBiometrics Based Authentication AKASH
Biometrics Based Authentication AKASH
 
Industrial IoT Security Standards & Frameworks
Industrial IoT Security Standards & FrameworksIndustrial IoT Security Standards & Frameworks
Industrial IoT Security Standards & Frameworks
 
Simple Internet Of Things (IoT) PPT 2020
Simple Internet Of Things (IoT) PPT 2020 Simple Internet Of Things (IoT) PPT 2020
Simple Internet Of Things (IoT) PPT 2020
 
Cisco cybersecurity essentials chapter -5
Cisco cybersecurity essentials chapter -5Cisco cybersecurity essentials chapter -5
Cisco cybersecurity essentials chapter -5
 
Cisco Cybersecurity Essentials Chapter- 7
Cisco Cybersecurity Essentials Chapter- 7Cisco Cybersecurity Essentials Chapter- 7
Cisco Cybersecurity Essentials Chapter- 7
 
Hci In The Software Process
Hci In The Software ProcessHci In The Software Process
Hci In The Software Process
 
Build and Information Security Strategy
Build and Information Security StrategyBuild and Information Security Strategy
Build and Information Security Strategy
 
Introduction to the Internet of Things
Introduction to the Internet of ThingsIntroduction to the Internet of Things
Introduction to the Internet of Things
 
HCI 3e - Ch 2: The computer
HCI 3e - Ch 2: The computerHCI 3e - Ch 2: The computer
HCI 3e - Ch 2: The computer
 
HCI 3e - Ch 17: Models of the system
HCI 3e - Ch 17: Models of the systemHCI 3e - Ch 17: Models of the system
HCI 3e - Ch 17: Models of the system
 
IoT Technology Tutorial | IoT Technology Stack | IoT Project Hands-On | Edureka
IoT Technology Tutorial | IoT Technology Stack | IoT Project Hands-On | EdurekaIoT Technology Tutorial | IoT Technology Stack | IoT Project Hands-On | Edureka
IoT Technology Tutorial | IoT Technology Stack | IoT Project Hands-On | Edureka
 
CISSP-Certified.pptx
CISSP-Certified.pptxCISSP-Certified.pptx
CISSP-Certified.pptx
 
The Open Group - ZT Commandments and Reference Model.pptx
The Open Group - ZT Commandments and Reference Model.pptxThe Open Group - ZT Commandments and Reference Model.pptx
The Open Group - ZT Commandments and Reference Model.pptx
 
IoT advatage and disadvantage
IoT advatage and disadvantageIoT advatage and disadvantage
IoT advatage and disadvantage
 

Ähnlich wie Roadmap to Healthcare HIPAA Compliance and Mobile Security for BYOD

Ms810 assignment viruses and malware affecting moblie devices
Ms810 assignment viruses and malware affecting moblie devicesMs810 assignment viruses and malware affecting moblie devices
Ms810 assignment viruses and malware affecting moblie devices
rebelreg
 
Symantec Mobile Security
Symantec Mobile SecuritySymantec Mobile Security
Symantec Mobile Security
Arrow ECS UK
 
Mobile monday mhealth
Mobile monday mhealthMobile monday mhealth
Mobile monday mhealth
Joe Drumgoole
 

Ähnlich wie Roadmap to Healthcare HIPAA Compliance and Mobile Security for BYOD (20)

SierraVMI Virtual Mobile Infrastructure (VMI). Android-based VDI.
SierraVMI Virtual Mobile Infrastructure (VMI). Android-based VDI.SierraVMI Virtual Mobile Infrastructure (VMI). Android-based VDI.
SierraVMI Virtual Mobile Infrastructure (VMI). Android-based VDI.
 
Mobile Security for Banking and Finance
Mobile Security for Banking and FinanceMobile Security for Banking and Finance
Mobile Security for Banking and Finance
 
Securing Mobile Healthcare Application
Securing Mobile Healthcare ApplicationSecuring Mobile Healthcare Application
Securing Mobile Healthcare Application
 
Guide Preview: Ensuring your enterprise image-viewer if fully secure
Guide Preview: Ensuring your enterprise image-viewer if fully secureGuide Preview: Ensuring your enterprise image-viewer if fully secure
Guide Preview: Ensuring your enterprise image-viewer if fully secure
 
Bring Your Own Device 2014 TeamMate User Conference Palm Desert California
Bring Your Own Device 2014 TeamMate User Conference Palm Desert CaliforniaBring Your Own Device 2014 TeamMate User Conference Palm Desert California
Bring Your Own Device 2014 TeamMate User Conference Palm Desert California
 
Accellion - The European Information Security Summit, London
Accellion - The European Information Security Summit, LondonAccellion - The European Information Security Summit, London
Accellion - The European Information Security Summit, London
 
IRJET - Human Identification using Major and Minor Finger Knuckle Pattern
IRJET - Human Identification using Major and Minor Finger Knuckle PatternIRJET - Human Identification using Major and Minor Finger Knuckle Pattern
IRJET - Human Identification using Major and Minor Finger Knuckle Pattern
 
IRJET- Human Identification using Major and Minor Finger Knuckle Pattern
IRJET- Human Identification using Major and Minor Finger Knuckle PatternIRJET- Human Identification using Major and Minor Finger Knuckle Pattern
IRJET- Human Identification using Major and Minor Finger Knuckle Pattern
 
Overview of Microsoft Enterprise Mobility & Security(EMS)
Overview of Microsoft Enterprise Mobility & Security(EMS)Overview of Microsoft Enterprise Mobility & Security(EMS)
Overview of Microsoft Enterprise Mobility & Security(EMS)
 
Ms810 assignment viruses and malware affecting moblie devices
Ms810 assignment viruses and malware affecting moblie devicesMs810 assignment viruses and malware affecting moblie devices
Ms810 assignment viruses and malware affecting moblie devices
 
A case study on BFSI and healthcare
A case study on BFSI and healthcare A case study on BFSI and healthcare
A case study on BFSI and healthcare
 
Security for Healthcare Devices - Will Your Device Be Good Enough?
Security for Healthcare Devices - Will Your Device Be Good Enough?Security for Healthcare Devices - Will Your Device Be Good Enough?
Security for Healthcare Devices - Will Your Device Be Good Enough?
 
Security for Healthcare Devices – Will Your Device Be Good Enough?
Security for Healthcare Devices – Will Your Device Be Good Enough?Security for Healthcare Devices – Will Your Device Be Good Enough?
Security for Healthcare Devices – Will Your Device Be Good Enough?
 
MobileSecurity WhitePaper
MobileSecurity WhitePaperMobileSecurity WhitePaper
MobileSecurity WhitePaper
 
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ..."Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
 
Health Informatics- Module 5-Chapter 1.pptx
Health Informatics- Module 5-Chapter 1.pptxHealth Informatics- Module 5-Chapter 1.pptx
Health Informatics- Module 5-Chapter 1.pptx
 
Module 6.pdf
Module 6.pdfModule 6.pdf
Module 6.pdf
 
Module 6.Security in Evolving Technology
Module 6.Security in Evolving TechnologyModule 6.Security in Evolving Technology
Module 6.Security in Evolving Technology
 
Symantec Mobile Security
Symantec Mobile SecuritySymantec Mobile Security
Symantec Mobile Security
 
Mobile monday mhealth
Mobile monday mhealthMobile monday mhealth
Mobile monday mhealth
 

Mehr von Sierraware

Mehr von Sierraware (9)

Sierraware browser isolation
Sierraware browser isolationSierraware browser isolation
Sierraware browser isolation
 
Cloud gaming
Cloud gamingCloud gaming
Cloud gaming
 
Sierraware virtual phone
Sierraware virtual phoneSierraware virtual phone
Sierraware virtual phone
 
Trustzone secure os tee for mips
Trustzone secure os tee for mipsTrustzone secure os tee for mips
Trustzone secure os tee for mips
 
Moving Beyond MDM: Why Legacy Mobile Security Products Don't Work
Moving Beyond MDM: Why Legacy Mobile Security Products Don't WorkMoving Beyond MDM: Why Legacy Mobile Security Products Don't Work
Moving Beyond MDM: Why Legacy Mobile Security Products Don't Work
 
Your Shortcut to BYOD Success
Your Shortcut to BYOD SuccessYour Shortcut to BYOD Success
Your Shortcut to BYOD Success
 
Mobile App Virtualization 101
Mobile App Virtualization 101Mobile App Virtualization 101
Mobile App Virtualization 101
 
Cut BYOD Costs Using Virtual Mobile Infrastructure - VMI
Cut BYOD Costs Using Virtual Mobile Infrastructure - VMICut BYOD Costs Using Virtual Mobile Infrastructure - VMI
Cut BYOD Costs Using Virtual Mobile Infrastructure - VMI
 
Sierraware ARM hypervisor
Sierraware ARM hypervisor Sierraware ARM hypervisor
Sierraware ARM hypervisor
 

Kürzlich hochgeladen

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 

Kürzlich hochgeladen (20)

FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 

Roadmap to Healthcare HIPAA Compliance and Mobile Security for BYOD

  • 1. Your Roadmap to Healthcare Security and BYOD
  • 2. Healthcare Security Checklist Protect PHI  Mitigate BYOD risks  Apply dual factor authentication  Encrypt PHI data Develop repeatable processes for compliance Implement procedures and technologies
  • 3. Healthcare Security Risks 96% of healthcare providers had one or more data breaches in the past 2 years1 1 Dell Secureworks 2 2014 Healthcare Breach Report. Data Loss 68% of healthcare breaches are due to lost or stolen mobile devices or files2 Impact of BYOD
  • 4. BYOD: A Reality for Healthcare Providers  Healthcare IT is already rolling out mobile apps to improve productivity and patient care – 2 out of 5 doctors already use mobile devices during consultations1  Yet mobility also presents a threat… – 3.1M smartphones were stolen in the U.S. in 20131 Source: Dell SecureWorks
  • 5. Top Mobile Risks for Healthcare Lost mobile devices Stolen mobile devices Downloading of viruses and malware Unintentional disclosure to unauthorized users Unsecure Wi-fi networks Source: HealthIT.gov, Mobile Devices: Know the Risks
  • 6. 5 Pillars of Healthcare Security Technical safeguards defined by the U.S. Department of Health & Human Services Access Control Audit Control Transmission Security Integrity Person or Entity Authentication 1.Access Control: Limit users rights to business need-to-know – Unique User Identification – Emergency Access Procedure – Automatic Logoff – Encryption and Decryption
  • 7. Access Control Audit Control 2. Audit Control: Implement hardware, software, or procedural mechanisms that record and examine access to ePHI 5 Pillars of Healthcare Security Technical safeguards defined by the U.S. Department of Health & Human Services Transmission Security Integrity Person or Entity Authentication
  • 8. 5 Pillars of Healthcare Security Technical safeguards defined by the U.S. Department of Health & Human Services Access Control Audit Control Transmission Security Integrity Person or Entity Authentication 3. Integrity: Implement policies and procedures to protect ePHI from improper alteration or destruction
  • 9. 5 Pillars of Healthcare Security Technical safeguards defined by the U.S. Department of Health & Human Services Access Control Audit Control Transmission Security Integrity Person or Entity Authentication 4. Person or Entity Authentication: Verify that users seeking access to ePHI are who they say they are – Biometric, smartcard, pin/passcode, token
  • 10. 5 Pillars of Healthcare Security Technical safeguards defined by the U.S. Department of Health & Human Services Access Control Audit Control Transmission Security Integrity Person or Entity Authentication 5. Transmission Security: Prevent unauthorized access to ePHI that is being transmitted over a network. – Integrity: Prevent modification or tampering of ePHI data in transit – Encryption: Encrypt ePHI whenever appropriate
  • 11. BYOD Challenges the 5 Pillars of Security Transmission Security Person or Entity Authentication Audit ControlAccess Control Integrity Difficult to audit mobile activity since doctors may share PHI with patients via email or text messaging apps Every app may have different authentication methods; they may not support biometric or PIN/passcode methods Mobile apps may not use stringent SSL ciphers or even encrypt data at all IT must define distinct policies for different users, mobile apps and devices—a management nightmare Controls must be applied to prevent accidental deletion or alteration of PHI from mobile devices
  • 12. Risks of Uncontrolled Devices Weak Encryption No support for strong authentication Unpatched application Stores PHI on phone No auditing of user access Unpatched phone OS In violation of HIPAA compliance requirements
  • 13. IT Management and Training  IT will likely need to help doctors install mobile apps – They may also need to assist users through upgrades  If apps vary by device, IT will need to provide separate app training for Apple, Android, Microsoft or HTML5 users
  • 14. Mobile Device Management Not Working 20% of enterprise BYOD programs will fail due to MDM measures that are too restrictive.1 1 2014 MDM research report by ESG 2 2014 Employee BYOD Survey by Zixcorp 3 Gartner 2014 Mobility Predictions; original quote spelled out BYOD and MDM. For IT TeamsFor Employees 43% worry that employers could access personal data2 30% are concerned their employer could control their personal device2 30% say MDM is more difficult to use than they anticipated1
  • 15. VDI Isn’t the Solution for BYOD Expensive VDI Shortcomings – Not designed for touch – No multimedia redirection – No access to camera, printer, video, GPS Total cost for Microsoft VDI, Citrix, and hardware is $1,000+ per user1 Not designed for cellular edge, 3G networks 1 Microsoft Desktop OS $187 per user, Citrix $300/user Requires High Bandwidth Designed for Windows
  • 16. Virtual Mobile Infrastructure The Roadmap for Healthcare Security Requires…
  • 17. Virtual Mobile Infrastructure (VMI) VMI is a service that hosts mobile apps or full operating systems on remote servers Provide remote access to:  Android, Apple iOS and Windows Phone with client apps  Any HTML 5-enabled device Centralize app management to:  Eliminate need to install and upgrade apps on every device
  • 18. VMI Benefits for Healthcare Providers Stop data loss by preventing users from downloading data to their device Lower IT costs by eliminating mobile app management per device Extend mobile access to all users and devices with a HTML5 browser Meet compliance by monitoring data access
  • 19. SierraVMI Keeps PHI Data Safe SierraVMI Shields Healthcare Data 4096-bit ECDHE Encryption Dual factor authentication SierraVMI: • Records healthcare app access • Stores app data securely in the data center • IT can centrally upgrade mobile apps Medical professional
  • 20. SierraVMI Deployment SierraVMI hosted in Secure Data Center Authentication Server Laptop Tablet Phone Databases with PHI data
  • 21. Mobile App Virtualization Architecture Android VM Kernel Multi-User Android Runtime VMI Security Gateway Pharma App Patient Messaging App PHI App Clients Authentication Server Benefits  Very high density  Apps can share resources like CPU  Easy to manage  No need for expensive storage Firefall containerFirefall containerFirefall container
  • 22. Monitor User and Application Activity  Dashboard of system status  Detailed logs of user activity  Geo-tracking
  • 23. User Monitoring  Record user sessions for forensics  Allow admins to view up to 8 active sessions
  • 24. Prevent Data Loss  Watermarking deters users from photographing screens – Watermark all content including documents, video, pictures with no additional overhead  Anti-screen capture prevents users from taking screenshots  With VMI, no data is downloaded to the phone – Users cannot copy and paste text
  • 25. Strong Authentication Prevent unauthorized access with: – Client certificates – One-time password (sent via text message) – Restricting access based on geographic location – Brute force login protection Ensure only legitimate users access your data
  • 26. Single Sign-on to Streamline Management  Integrate with LDAP, Active Directory or SAML  Access email, calendar, contacts, and business apps without needing to re- authenticate  Automate app provisioning  Reduce IT helpdesk calls due to forgotten passwords  Improve user experience by eliminating extra login steps IT Cost ReductionDirectory Services Integration
  • 27.  Centralized data storage  Prevent data loss from device theft  Centralized patch management  Eliminate concerns of devices with vulnerable or unpatched software  Regularly scan Android server for viruses and vulnerabilities Simplify and Secure Mobile App Management
  • 28. SierraVMI Benefits for Healthcare Compliance: Ensure privacy and prevent data loss Security: Strong authentication, 4096-bit encryption Scalability: High user density, high performance