
Preparing Health IT Infrastructure for BYOD Environments

Integrating a BYOD strategy for secure mobile access to health IT infrastructure protects patient data.

By Elizabeth O'Dowd

Bring-your-own device (BYOD) strategies have been working their way into healthcare organizations over the past few years, giving users access to the healthcare networks and allowing organizations to cut spending on company-owned devices.


Accessing personal and healthcare data on the same device can pose security concerns, but the inevitability of unauthorized BYOD makes implementing a secure way to access the health IT infrastructure a high priority. Giving users a secure way to access the network is the only way to ensure every device connecting to the cloud, personal or commissioned, is doing so securely.

The biggest threat unauthorized BYOD use poses to the healthcare industry is the risk of infecting the network with malware. The IT department can implement every firewall and security precaution, but if users are able to access cloud data on their personal devices, any corrupted app can infect the network and potentially make protected health information (PHI) vulnerable. For healthcare organizations in particular, compromised electronic health data that violates HIPAA protocols can have legal consequences.

Cloud solutions provide many benefits to healthcare organizations, but they are also the biggest reason why unauthorized BYOD or shadow IT is possible. Something as simple as checking email on an unsecured device can expose an entire IT infrastructure to malware.  

Shadow IT is a threat to any IT infrastructure because users will access the cloud with a personal device and not realize the risk. Outdated and unsupported apps on personal devices can potentially infect the network if corporate data is accessed. Users may opt for third-party apps such as Dropbox and Google Drive if they are unhappy with the performance, layout, or lack of apps provided by an organization.

Another factor in the rise of BYOD is the consumerization of IT. Privately owned devices and personally accessed applications are being used for business purposes because the technology owned by employees is surpassing the technology offered by organizations. End-users don’t want to use an old, heavy laptop when their personal smartphone or tablet is easier to manage and can do a better job accessing the cloud.

This poses a challenge because when cloud technology is being implemented to take stress off endpoint devices, the last thing an organization wants to do is upgrade those devices. Short of banning the use of personal devices and blocking them from the network, which may not solve the problem, viable options include embracing an enterprise mobility management (EMM) solution or secure gateways for cloud access. Blocking all unauthorized devices from the network can cause problems for guest access.

Allowing employees to use personal devices to access secure data does provide benefits. BYOD strategies can save an organization money on devices and hardware maintenance. If users prefer to access the cloud with their own devices, installing a gateway and container onto the device will keep personal and protected health information separate.

A BYOD solution is typically included in an EMM solution, but it can also be implemented through virtual mobile infrastructure (VMI). VMI is similar to virtual desktop infrastructure (VDI); however, instead of routing desktop OSs to mobile devices, it’s routing mobile OSs to mobile devices by using a container accessed by a gateway. In lieu of accessing any data on the local device, the device is securely connecting to a virtual machine. This method not only gives IT control over the gateway if the device is lost or stolen, but it also keeps the end user's personal information private.

Having a well-defined BYOD policy is the best defense against unauthorized mobile device use. Educating users on the importance of secure connections will go a long way toward protecting the network, as they may not be aware of the potential consequences of an unsecured connection. Providing users with well-vetted, high-quality apps and other digital resources will prevent shadow IT, protecting the network from unauthorized third-party access. Likewise, embracing the way employees want to work improves productivity and decreases the risk of exposing the secure network.
