Gartner recently released its Critical Capabilities for High-Security Mobility Management report, outlining the subset of enterprise mobility management (EMM) and highlighting the qualities healthcare organizations should look for in a mobile security vendor to protect PHI.
Healthcare business practices operate at a high level of security to protect PHI. Organizations must choose a managed security framework to meet regulatory standards and security needs.
The report compares mobility solutions operating in a variety of ways and allows users to evaluate them on standard criteria that apply to the users’ specific situation.
Vendors were evaluated on features including certifications and awards, secure life cycle management, hardened platform, app security, data security, and hardened VPN.
Vendors were also evaluated on use cases, with healthcare being an example of a high-security use case.
Healthcare organizations face fines and penalties and are one of the most targeted verticals. The healthcare industry is highly targeted because of the amount of information that can be taken from a healthcare record including address, SSN, and payment methods.
Several of the top vendors mentioned include BlackBerry, Samsung Electronics, MobileIron, VMware, and Citrix.
BlackBerry came out on top of all use cases, which include government grade, commercial, shared data, shared devices, nonemployee, and bring-your-own device (BYOD).
After analyzing each solution provider, the report discovered that high-security, managed mobility solutions aren’t specific to a single mobile technology market.
The report also found that many of the highest security mobile solutions sacrifice usability and flexibility, which may make them unpopular with users. Higher security mobile solutions may also require specialized hardware and software, which reduces choices for devices and features.
“There are various methods for creating secure environments in software and hardware, using a combination of containers, hardened apps, rights methodologies, server-side controls and other means,” explained report authors. “However, buyers who seek the highest levels of protection may prefer a combined hardware and software solution, and their choices are dwindling.”
“Vendors that own and control their own secure hardware platforms tend to be specialized and expensive, and they usually sell in small quantities, compared with the larger mobility scene,” report authors continued. “Some companies make use of security features in more-accessible and popular hardware platforms, mainly Apple iOS and Samsung Android devices with Enterprise Knox.”
Apple iOS and Samsung Knox both have many EMM features built in. Many mobile security vendors leverage these features in their solutions to smoothly incorporate their solution into the device.
Healthcare organizations are becoming more mobile and it’s critical that their data is protected on the mobile device, as well as when the data is in transit.
Mobile security has matured over the past several years as organizations realize the risks associated with mobile devices, particularly with mobile applications accessing electronic health records and PHI. As security risks surrounding these datasets increase, provider organizations must keep pace with evolving threats.
IT departments must have a strong mobile management strategy in place not only to ensure that all apps are running correctly, but also to detect abnormal behavior that could be a sign of a potential attack.
Gartner suggested that IT security decision-makers responsible for endpoint and mobile security strategies should do the following:
- Choose best-of-breed solutions for each platform they plan to support, if security is their highest priority
- Choose products that will support business processes without undue disruptions or interference, because solutions with high-security qualifications may not meet usability expectations
- Plan tiers of access that support less-secure configurations for less-sensitive tasks, especially in high-security organizations
Healthcare organizations need to consider all of their mobile uses before selecting a mobile security solution. Entities also must consider their future mobile use and select a solution that is both future-proof and flexible.