Trends in Mobility
Convergence of Devices
[Figure: convergence of devices. Device classes: Smartphone, Ultramobile Notebook, Media Tablet. Usage modes: One-hand Typing, Two-hands, Sit-back Computing. Numeric labels: 2-3, 7, 10, 12, 13-15.]
EA Approach to Mobility
IHiS Confidential
Table of Contents
1. Mobile Device Definition & Usage
2. Security concerns and Control measures
3. Mobile Device Access Matrix
Control Measures
Data Leakage Prevention (DLP) tools*; Traffic Screening; Port blocking tools*; Firmware patch/update; Do-not-Jailbreak; Port blocking tools*; Anti-virus/malware for mobile devices*; Do-not-Jailbreak; Mobile device locking; Remote-wipe; Encryption of sensitive data
Copyright 2013, Integrated Health Information Systems Pte Ltd.
Direct Attack
Malicious Software
Malware, Viruses
What to control?
Device Type
Smartphones, Tablets, Laptops
Device Owner
Personal devices (BYOD: Bring Your Own Device); Corporate
Data Type
Category A: General, Non-confidential (unrestricted & restricted)
Category B: Commercial-in-Confidence (confidential)
Category C: Patient-in-Confidence (secret)
Information Categories
Cat A: General, Non-Confidential
Internet-based information
Personal emails (Yahoo, Gmail)
General hospital/institution information for public consumption
Cat B: Commercial-in-Confidence
Business information (invoice, tender or commercially sensitive data)
Corporate data (emails, board papers, inter-departmental communications, company updates)
HR and admin data (finance data, personal data, company / staff data)
Cat C: Patient-in-Confidence
Patient demographics
Patient-related clinical and ancillary information
Emails with sensitive information
Corporate Wireless
AD authentication, WPA2
AD authentication
AD authentication, WPA2
AD authentication
Corporate LAN
A: General, Non-Confidential
Direct access via 3G; No access to corp. Wi-Fi; Full Access after AD Authentication
B: Commercial-in-Confidence
Device Registration + 2FA#; Transmission encryption; MDM in-place
C: Patient-in-Confidence
Device Registration + 2FA; Transmission encryption; MDM in-place; Application/Desktop Virtualisation
BYOD
Corporate
Tablet PC
Laptop
Device Security
1. Central management console
2. Remote lock and wipe
3. PIN lock policy

1. Application security policy
2. Data encryption
3. Data fading
4. Enterprise data boundary

1. Lockdown security
2. Certificate distribution
3. Password enforcement
4. End-user awareness and training
Network Security
Encryption
Provide or configure encryption on the device
Application Control
Manage the applications available to the user on the device. This includes blacklisting or whitelisting applications, limiting which applications can be installed, or provisioning applications to the device
Device Wipe
Perform or result in a complete erase of data on the device
Device Firewall*
Provide device firewall that examines and applies a policy to all traffic inbound to the device over network connections
Antimalware
Examines files on the device for malicious software
*may not be possible on iOS devices
[Table: mobile platform roadmap with columns 2013, 2014, 2015 and Remarks; per-platform status values not shown]
Platforms listed:
iPhone, iPod Touch (2nd Gen.)
iPhone 3GS-5, iPad & mini
iPhone 3GS-5, iPad & mini
iPhone 4-5, iPad & Mini (2nd Gen)
Android 2.3.x (Gingerbread)
Android 3.3 (Honeycomb)
Android 4.x (Ice-cream Sandwich, Jellybean)
Windows Mobile 6.x
Windows Phone 7, 7.5
Windows Phone 8
Legend:
P: Pilot
I: Invest, technology ready for mainstream deployment
M: Maintain, new implementation not encouraged
D: Technology reaches End-of-Support, to be discontinued
Process Standardization
Rehab Order & Notes Discharge Medication Management Integrated Appointment Patient Tracking Bed Management Admission & Financial Counselling
Content Creation
Content Review
Supporting Care
New Innovations
Vital Signs Monitoring; Telehealth
Researchers print biometric sensors directly on skin, make wearable health monitors more durable
THANK YOU