CIOREVIEW >> Enterprise Risk Management >>

Mobile Device: A Cost Saving Asset To Enterprises

Ray Hawkins, CISO, Genesis Healthcare
Ray Hawkins, CISO, Genesis Healthcare

Ray Hawkins, CISO, Genesis Healthcare

Mobile devices will continue to be a multi-faceted issue as Enterprises continue to assess cost savings around implementing BYOD and allowing mixed use devices access to corporate data as well as enhancing current internal programs. Most of the Mobile Device Management vendors have matured to the point where you can implement a relatively secure policy set that is agnostic of device ownership. Wherein you also ensure you lock down alternate paths to data, such as email via Active Sync, then you can have a useable device that properly segregates corporate and personal data. Once you have a solid platform, strong policy that is consistently enforced and collaborative interaction with business leadership, then you’re better positioned to anticipate and respond to risk.

For example, in the Long Term Care sector of Health Care delivery, we must be vigilant and responsive to business demands, regulatory changes and technology changes. As the profile of our employee population evolves to one more comfortable, and even expecting of mobile device use, we see these same individuals, these front-line care givers pushing for adoption of mobile apps that help them do their jobs more efficiently, more effectively, and/or more economically. Monolithic applications that change only infrequently become background to what employees may wish to do via Mobile Apps they find in the various stores and marketplaces. In seeing this demand we are engaging not just the leadership but also portions of a workforce that numbers in the tens of thousands to proactively identify cross-reference needs where legacy services are still behind in terms of development and delivery cycles. We can also leverage periodic mobile app inventory reviews to identify new application install clusters and then address those directly from a security and compliance assessment perspective. In some cases we can assess and make recommendations around potential value added mobile applications, while in other cases, the potential PHI and PII exposures may preclude us from white listing a third party application. Nevertheless, these activities provide great insight into business demand that is pure bottom-up.

Further, wider mobile device deployments in the clinical setting have placed greater burdens on asset management and loss prevention. Managing ten thousand plus devices across hundreds of sites can stretch any asset management program no matter how mature. In addition to standard awareness campaigns, good physical security, consistent inventory procedures to check-in and checkout corporate issued devices, a good MDM client and location services; we are developing a process whereby, in theory, we can poll localized list files from across our field locations, onboard this data into a centralized SEIM and run logic against this identify at risk assets. For example, if the operational procedure is at the start each day, mobile devices (Apple) and/or Pads (also Apple) are “checked-out” for use in clinical work all day, and at the end of each day the assets are checked back in to a secure synchronization tray connected to a facility level iTunes implementation, then we should be able to use the local list file to profile expected use of assets. Correlated against MDM check-ins we can quickly identify where an asset may be lost/stolen but not yet reported. Correlated even further to network CAM table we can perhaps even isolate where in the local network we last saw the asset.

Check out: Top Revenue Cycle Management Technology Companies


CIO Review Clients : Flagship , PCMI

Media Partner : CIO Review | B2B Online 2020

CIO Review Press Releases :   CIO Review | One Stop Systems

                                         CIO Review | ComplianceQuest