Aug 11 2017

3 Priorities for a Successful Healthcare EMM Deployment

To ensure smooth enterprise mobility management efforts, providers must balance access and protection needs.

Most mobile deployments, whether bring your own device or enterprise-initiated, use enterprise mobility management tools to smooth efforts and offer security controls.

EMM suites usually include device, application, content and identity management components. While healthcare environments overlap other enterprise needs, three specific mobile deployment issues interest IT managers at provider organizations: regulatory data protection; performance and responsiveness; and network access controls. When searching for the right EMM tools for your healthcare deployment, those areas require particular attention.

1. Balance User Access and Data Security

Data protection represents the greatest concern for healthcare IT managers. From data loss and unauthorized access to accidental disclosure, the potential nightmare scenarios are endless. Mobile devices create an essential tension between having accurate patient data at your fingertips and protecting that data while in transit or storage. Although the biggest responsibility for data protection lies with mobile applications, EMM software helps in other ways:

  • Whole-disk encryption controls: Activate encryption and set it to an appropriate level using EMM.
  • Password protection: Control device and biometric password protections, as well as related settings such as screen lock timings, through EMM. That ensures that users are not putting data at risk by trading security for convenience.
  • Application controls: EMM ensures that only authorized applications from trusted sources are installed. Control mobile device installations to minimize potential leaks and malware.

Security experts often propose sandbox technology as a solution to data protection problems. Such tools partition devices to provide both isolation and greater protection for sensitive information.

Unfortunately, sandboxes are highly device- and application-specific. Evaluating sandbox capabilities without a clear understanding of your application and data environment is difficult. What’s more, a big buy-in to sandbox technology may create application lock-in or make future apps difficult to deploy.

Virtual mobile infrastructure, an alternative to sandboxing in some suites, brings virtual desktop infrastructure to mobile devices. VMI offers the same data protection features as VDI by keeping both applications and data off the device. It’s not yet commonplace, but IT managers evaluating potential EMM suites and VDI should keep VMI in mind.

2. Seek Out Continuous Network-Based Backups

Caregivers are famously short on time and impatient when IT interrupts their flow of work. Meeting the needs of that user community requires special attention to performance. But when organizations trade security for convenience, performance and responsiveness become major areas of concern.

To maintain end-user satisfaction, providers must pare down time for device logins, application startups and other overhead. EMM can help here. Look for EMM suites that provide continuous network-based backup to either local backup systems or cloud-based servers. By pushing backups through the network, device availability and performance increase, allowing users to stay more mobile and less tethered.

IT managers may think their primary backup responsibility lies in enterprise data, but part of a mobile rollout includes acknowledging shared responsibility between users and the organization. Devices often contain user photos, fitness data, text messages and other personally valuable information. Users who understand that their tools are fully backed up will more likely report lost or stolen devices, because they won’t fear losing valuable data if the device is wiped or locked.

Strong backups also solve a more recent problem: Ransomware becomes almost a nonissue when all important data are safely stored off vulnerable devices. Although ransomware has yet to hit mobile devices, it’s only a matter of time. Because device wipes — another near-universal EMM feature — work only if devices are on-network and responding, any delay in action reduces the tool’s effectiveness.

Some EMM suites offer selective device wipe, but the sensitive nature of healthcare data makes a whole device wipe advisable. Evaluate EMM tools for speed in device deployment, configuration and device restore performance. Carefully investigate any slowdown EMM agents may cause.

3. Bring Order to the Chaos with Preconfigured Networks

IT managers need strong configuration when deploying network access control. Although the best way to defuse phishing attacks is through user education, mobile devices universally connect wirelessly, making them prime targets in uncontrolled environments such as open Wi-Fi networks.

EMM suites can preconfigure enterprise wireless networks, including digital certificates used to identify corporate access points, and prohibit unauthorized connections, such as open Wi-Fi. They can also force devices to use carriers’ 3G or 4G data services when offsite. If a mobile staff member needs uncontrolled Wi-Fi, EMM can provide virtual private network clients or enforce VPN profiles using enterprise clients.

By forcing all traffic — including internet-bound — through a VPN tunnel, organizations can better protect devices and data against attackers in search of wireless vulnerabilities.
