Poorly written apps/custom that are vulnerable to all kinds of web attacks
Mobile malware(steals passwords, reads email)
Remote wipe/encryption/AV is cool but the first two work ok signature based AV doesn’t
Outside of cell phones tablets/ipod touches are taking over in healthcare and other markets
Mobile security is large emerging market.
XenApp/Citrix/ICA stuff is cool because the data is still contained at the office.
Sorry, I botched the name.
Zenprise is what I was looking for.http://www.zenprise.com/products/zenprise-mobilemanager
It’s a management software that allows IT departments to put restrictions on mobile devices so that they can make sure that email is setup safely, restrict the apps that can be installed, make sure the phone isn’t rooted/jailbroken, etc… That way you minimize a lot of the risk that is associated with mobile malware, shitty apps, people who want to hack their phones and all of the other risks.
LZ, I work at a hospital with a lot of spolied rich doctors… The onslaught of iOS devices is crazy and we are implementing a lof of EHR systems that are mobile device friendly. So we’re trying to find workable solutions.
Also, word on the street is that RIM is hiring iOS developers because they are planning to integrate iOS and Android into their mobile device management suite.
https://twitter.com/#!/wtfxcode
That is like saying the safest plane is one that doesn’t fly. RIM is outdated and Apple/Android is now the shifting corporate phone
Apple and Android are taking over, but security is becoming a major issue. ESPECIALLY in arenas like healthcare industry where Protected Health Information might end up on the device (email attachments and clinical applications) and a breach can have severe consequences with HIPAA.
Some device management platform is definitely needed. Sorry, but we cannot give users the ability to do anything they want with their devices. Same thing with laptops.
I work in a health care orienteted college. The nursing students are REQUIRED to purchase either an iPhone or iPod Touch and download this nursing suite software on there. It’s definitely the way things are going.
I have been doing HIPAA risk assessments and blowing up Baxter IV pumps and all kinds of networked medical gear…
Its kinda scary lol
Nobody follows HIPPA…
It’s beyond scary…to the point that I am definitely not going to discuss it here
Wat?
Everyone follows HIPAA now and everyone is getting risk assessments done for part of meaningful use.
meaningful use … the term that makes people shudder and cry in the corner around here
From the extremely limited time I’ve been exposed to the medical field, I’ve heard lots of horror stories, and violations.
So people are trying and places that never had a security team/program/policy are now working on getting better.
Smaller hospitals are 2-3 man IT shops you can’t dedicate one person to security.
Even larger hospitals have Information security people who have no idea wtf is going on and deal with password resets and policy that doesn’t work all day.
Lz hit the nail on the head. My organization is changing big time though. Were starting to do some really cool stuff but it takes time and resources.
Welcome to economics.
I’m sure group policy gets an extensive workout in HIPAA environments.
Eh
It’s a lot of dump little shit to like auto login at nurse stations, shared accounts, no screen lock out, LM hashes, USB drives, No full disk encryption, no policy to update 3rdparty software(adobe etc), no updating MS stuff properly, no system hardening process.
What type of encryption software are you seeing?
Symantec
Symantec PGP here as well
HIPAA places heavy emphasis on access restrictions for data. We monitor application data with special tools to determine which employees are viewing what patient records. The compliance office then acts on those reports based on their findings.
I can tell you that from what I am seen, the compliance office is VERY strict and not afraid to take serious action.
You have to remember that in Healthcare, security is about more than just hackers, especially when it comes to HIPAA. Just because you are a nurse at a hospital doesn’t give you the right to just thumb through people’s medical records at will. Now that medical records are electronic, IT Sec depts have to provide solutions to that.
Speaking of mobile security: