
Digital Security and Mobility in Health

Michael Aboltins, Technology Manager, Loop Technology
Graham Harvey, Security Engineer, McAfee


Agenda
• 8:45am Digital Security and Mobility in Health (Michael Aboltins, Loop Technology)
• 9:15am Networking & Light Breakfast
• 9:30am Technology Demonstration
• 9:55am Wrap-Up & Questions
• 10:00am Finish


Loop Technology approach to security


Experience in Health


The consumerisation of IT
The wave has hit ….

“Health organisations will need to expand their use of wireless/mobility solutions to accommodate an evolving high-performance workplace.”
Key Issues for Healthcare Delivery Organisations, 2011, Gartner

‘The need to respond effectively to individual demand for use of consumer technologies and social interaction’ was highlighted as one of the 3 main predictions for 2011 by Gartner.

Consumerisation is well underway
95% of the workers who responded to a recent IDC Australian survey have used technology they purchased for themselves for work.

[Chart: Use personal device for work / Don't use personal device for work. Source: 2010 IDC Consumerisation of IT in Australia Study, IDC]


Mobile Computing in our pockets
Market Drivers
• Work/share/play anywhere
• No longer just a phone
• Social networking driving cloud computing
• New services e.g. GPS & Mapping
• Greater productivity
• Lower capex cost
• Benefits of “BYO computing”


Mobility in Health
Aim: Improving patient care
• Increased patient contact
• Increased access to information
• More informed care decisions
• Improved patient safety
• Patients getting better, sooner
• Improved efficiency
• Reducing administrative overheads
• Greater flexibility – both on and off site
• Making clinicians' lives easier!


Mobile Computing Applications
Medical professional tools
• Websites e.g. PubMed, Medical Journals & drug information
• Patient monitoring & care tools e.g. iSoft Mobile Patient Management, AirStrip Cardiology
• Health tailored apps e.g. radiology tools
• Medical instruments e.g. Ultrasound & Cardio


Mobile Computing Applications
Patient tools
• Diabetes training and information tools
• Drug feedback & reminder tools
• Other monitoring tools
Administration tools
• Timesheet applications
• Leave request & payroll tools
• Medical records and management
• Booking of hospital services
• Outpatient reminders & management


Mobile Computing Risk
• Patient privacy risk through loss/theft of data
• Vulnerable to threats - Malware
• Infection of other devices

[Chart: Mobile Malware Growth by quarter. Source: McAfee Threats Report, Q4 2010]

The number of new mobile malware in 2010 increased by 46% compared with 2009.


Mobile Risk – Risk vs Reward

[Chart labels: Risk, Functionality]


Mobility – Say Yes!


Mobile Risk Mobile Threats by Hardware and software platform, 2009 - 2010

Source: McAfee Threats Report, Q4 2010


Mobility strategy

Policy
• Information Handling policy
• Acceptable Use Policy
  – Personal equipment Policy
• Access management Policy
  – Contractor policy
  – Home Computing policy

Training
• User awareness
• Technical Security update training
• Product/solution training

Risk reviews
• Mobile computing review
• Firewall/gateway review
• System/mail server security review
• Vulnerability scan / Penetration testing

Technical Controls
• Central Management suite
• Point products
  – Anti-virus
  – Backup
  – Location aware controls
• Data Loss prevention
  – DLP clients
  – Remote wipe tools
  – Encryption tools


Mobility strategy - Policy
• Information Handling
• Acceptable Use
• Access Management
• Incident Handling
• Mobility/BYO Policy
• Contractor policy




Technical controls to lower risk
iPhone
• Enforce encrypted email
• Prevent jail-broken phones from connecting
• Able to remote wipe
• Reporting tools
All other platforms
• Above plus..
• Anti-virus / anti-malware
• New tools as they become available


Reduce risk with EMM

Risk without EMM Point products AV etc

Risk with EMM deployed


Networking Break & Light Breakfast
9:30am Technology Demonstration
Graham Harvey, Security Engineer, McAfee


McAfee Enterprise Mobility Management
Securing Mobile Applications


Empowering Enterprise Mobility
• Secure
  – Manages native security settings
  – Enforces device compliance
  – Extends the security infrastructure via ePO
  – Integrates with the data center
• Easy
  – Simple administration and reporting via ePO
  – User self-service provisioning
  – Device personalization for user productivity
• Scalable
  – Scales to 10s of 1,000s of devices
  – Supports HA and DR configurations

[Diagram: McAfee EMM. Devices: iPad, Android, iPhone, Win 7 & WinMo, BlackBerry, webOS, Symbian. Enterprise Environment: Messaging, Applications, Directory, Certificate Services, Files, Database, VPN]

April 11, 2011


The Right Life Cycle for Mobile Device Management
• Enterprise Application Management: Make apps available in a secure, role-based way. Offer apps for download, links to third-party app stores, and web links.
• Provisioning: Define security policies, network connectivity, and resources; users self-service provision for automatic device personalization.
• IT Operations Support: Visualize and manage devices centrally through McAfee ePO integration.
• Compliance: Automatically check devices prior to network access.
• Security and Authentication: Enable devices to strongly authenticate against Microsoft CA. Supports two-factor authentication.
• Policy Management: Remotely perform helpdesk tasks and push security policies and configuration updates over-the-air.


Self-Service Provisioning for iPhone
1. (optional) Go to the App Store
2. Enter Your Email Credentials
3. Agree to Corporate Policy
4. IT Services are AutoProvisioned

Easy, Secure, Automated


Self-Service Provisioning for Android
1. Go to the Marketplace
2. Enter Your Email Credentials
3. Agree to Corporate Policy
4. IT Services are AutoProvisioned

Easy, Secure, Automated


Industry Standard PKI for Strong Authentication

Industry-Standard Security: Microsoft Certificate Authority

Benefits:
• Industry-standard security
• Strong authentication for secure access to communications services such as Wi-Fi and VPN
• Strong authentication for secure push email and other applications
• Single sign on for enhanced user experience
• No impact on battery life


Enterprise Application Store
• Recommend and make applications securely available based on group, role, or device type.
  – Custom corporate applications
  – Third-party applications (Apple App Store or Android Marketplace)
  – Webclips
• Device application inventory, audit, and policy management


Centralized Visibility and Control with ePO

Compliance reports are based on systems we know about



Centralized Visibility and Control with ePO

What we don’t manage is where compliance status is unknown



Centralized Visibility and Control with ePO

Bringing all endpoints into compliance status view is critical to assessing risk and prioritizing actions



Security Solutions for Consumerization of IT

[Diagram: Consumerization of IT. Device categories: Mobile Devices (IT Issued, BYO); Laptops and Desktops (BYO, IT Issued, Un-Managed, Managed); Virtualized Desktops. Products shown: McAfee EMM and WaveSecure; McAfee MNAC, Suites, Encryption; McAfee MOVE VDI]

• Network Access Control: McAfee NAC Appliance / Network Security Platform
• Web Applications & DLP: McAfee Firewall / Web Appliance / Network DLP
• Security Infrastructure: McAfee ePO, Endpoint, Network, Content, Compliance Portfolio


Mobility controls
SECURE MOBILITY STRATEGY

Policy
• Information Handling policy
• Acceptable Use Policy
  – Personal equipment Policy
• Access management Policy
  – Contractor policy
  – Home Computing policy

Training
• User awareness training
• Technical Security update training
• Product/solution training

Risk reviews
• Mobile computing review
• Firewall/gateway review
• System/mail server security review
• Vulnerability scan / Penetration testing

Technical Controls
• Central Management suite
• Point products
  – Anti-virus
  – Backup
  – Location aware controls
• Data Loss prevention
  – DLP clients
  – Remote wipe tools
  – Encryption tools


Questions?


MOBILITY ISSUE IN HEALTHCARE