Your Roadmap to Healthcare Security and BYOD
Healthcare Security Checklist
Protect PHI
• Mitigate BYOD risks
• Apply dual factor authentication
• Encrypt PHI data
Develop repeatable processes for compliance
Implement procedures and technologies
Healthcare Security Risks
96% of healthcare providers had one or more data breaches in the past 2 years [1]
Data Loss
68% of healthcare breaches are due to lost or stolen mobile devices or files [2]
[1] Dell SecureWorks
[2] 2014 Healthcare Breach Report
Impact of BYOD
BYOD: A Reality for Healthcare Providers
• Healthcare IT is already rolling out mobile apps to improve productivity and patient care
– 2 out of 5 doctors already use mobile devices during consultations [1]
• Yet mobility also presents a threat…
– 3.1M smartphones were stolen in the U.S. in 2013 [1]
[1] Source: Dell SecureWorks
Top Mobile Risks for Healthcare
Lost mobile devices
Stolen mobile devices
Downloading of viruses and malware
Unintentional disclosure to unauthorized users
Unsecured Wi-Fi networks
Source: HealthIT.gov, Mobile Devices: Know the Risks
5 Pillars of Healthcare Security
Technical safeguards defined by the U.S. Department of Health & Human Services
Pillars: Access Control, Audit Control, Transmission Security, Integrity, Person or Entity Authentication
1. Access Control: Limit users' rights to business need-to-know
– Unique User Identification
– Emergency Access Procedure
– Automatic Logoff
– Encryption and Decryption
2. Audit Control: Implement hardware, software, or procedural mechanisms that record and examine access to ePHI
3. Integrity: Implement policies and procedures to protect ePHI from improper alteration or destruction
4. Person or Entity Authentication: Verify that users seeking access to ePHI are who they say they are
– Biometric, smartcard, PIN/passcode, token
5. Transmission Security: Prevent unauthorized access to ePHI that is being transmitted over a network.
– Integrity: Prevent modification or tampering of ePHI data in transit
– Encryption: Encrypt ePHI whenever appropriate
BYOD Challenges the 5 Pillars of Security
Access Control: IT must define distinct policies for different users, mobile apps and devices—a management nightmare
Audit Control: Difficult to audit mobile activity since doctors may share PHI with patients via email or text messaging apps
Integrity: Controls must be applied to prevent accidental deletion or alteration of PHI from mobile devices
Person or Entity Authentication: Every app may have different authentication methods; they may not support biometric or PIN/passcode methods
Transmission Security: Mobile apps may not use stringent SSL ciphers or even encrypt data at all
Risks of Uncontrolled Devices
• Weak encryption
• No support for strong authentication
• Unpatched application
• Stores PHI on phone
• No auditing of user access
• Unpatched phone OS
In violation of HIPAA compliance requirements
IT Management and Training
• IT will likely need to help doctors install mobile apps
– They may also need to assist users through upgrades
• If apps vary by device, IT will need to provide separate app training for Apple, Android, Microsoft or HTML5 users
Mobile Device Management Not Working
20% of enterprise BYOD programs will fail due to MDM measures that are too restrictive. [1]
For Employees
• 43% worry that employers could access personal data [2]
• 30% are concerned their employer could control their personal device [2]
For IT Teams
• 30% say MDM is more difficult to use than they anticipated [1]
[1] 2014 MDM research report by ESG
[2] 2014 Employee BYOD Survey by Zixcorp
[3] Gartner 2014 Mobility Predictions; original quote spelled out BYOD and MDM.
VDI Isn’t the Solution for BYOD
VDI Shortcomings
Expensive: Total cost for Microsoft VDI, Citrix, and hardware is $1,000+ per user [1]
Designed for Windows:
– Not designed for touch
– No multimedia redirection
– No access to camera, printer, video, GPS
Requires High Bandwidth: Not designed for cellular edge, 3G networks
[1] Microsoft Desktop OS $187 per user, Citrix $300/user
The Roadmap for Healthcare Security Requires…
Virtual Mobile Infrastructure
Virtual Mobile Infrastructure (VMI)
VMI is a service that hosts mobile apps or full operating systems on remote servers
Provide remote access to:
• Android, Apple iOS and Windows Phone with client apps
• Any HTML5-enabled device
Centralize app management to:
• Eliminate need to install and upgrade apps on every device
VMI Benefits for Healthcare Providers
• Stop data loss by preventing users from downloading data to their device
• Lower IT costs by eliminating mobile app management per device
• Extend mobile access to all users and devices with an HTML5 browser
• Meet compliance by monitoring data access
SierraVMI Keeps PHI Data Safe
SierraVMI Shields Healthcare Data
• 4096-bit ECDHE Encryption
• Dual factor authentication
SierraVMI:
• Records healthcare app access
• Stores app data securely in the data center
• IT can centrally upgrade mobile apps
Diagram label: Medical professional
SierraVMI Deployment
Diagram labels: Laptop, Tablet, Phone; SierraVMI hosted in Secure Data Center; Authentication Server; Databases with PHI data
Mobile App Virtualization Architecture
Diagram labels: Clients; VMI Security Gateway; Authentication Server; Pharma App, Patient Messaging App, PHI App; Firefall container (three shown); Multi-User Android Runtime; Android VM Kernel
Benefits
• Very high density
• Apps can share resources like CPU
• Easy to manage
• No need for expensive storage
Monitor User and Application Activity
• Dashboard of system status
• Detailed logs of user activity
• Geo-tracking
User Monitoring
• Record user sessions for forensics
• Allow admins to view up to 8 active sessions
Prevent Data Loss
• Watermarking deters users from photographing screens
– Watermark all content including documents, video, pictures with no additional overhead
• Anti-screen capture prevents users from taking screenshots
• With VMI, no data is downloaded to the phone
– Users cannot copy and paste text
Strong Authentication
Prevent unauthorized access with:
– Client certificates
– One-time password (sent via text message)
– Restricting access based on geographic location
– Brute force login protection
Ensure only legitimate users access your data
Single Sign-on to Streamline Management
• Integrate with LDAP, Active Directory or SAML
• Access email, calendar, contacts, and business apps without needing to re-authenticate
• Automate app provisioning
• Reduce IT helpdesk calls due to forgotten passwords
• Improve user experience by eliminating extra login steps
IT Cost Reduction / Directory Services Integration
Simplify and Secure Mobile App Management
• Centralized data storage
• Prevent data loss from device theft
• Centralized patch management
• Eliminate concerns of devices with vulnerable or unpatched software
• Regularly scan Android server for viruses and vulnerabilities
SierraVMI Benefits for Healthcare
• Compliance: Ensure privacy and prevent data loss
• Security: Strong authentication, 4096-bit encryption
• Scalability: High user density, high performance
www.sierraware.com
Click now to
view SierraVMI

Contenu connexe

Tendances

Bi 4.0 Migration Strategy and Best Practices
Bi 4.0 Migration Strategy and Best PracticesBi 4.0 Migration Strategy and Best Practices
Bi 4.0 Migration Strategy and Best PracticesEric Molner
 
Is the traditional data warehouse dead?
Is the traditional data warehouse dead?Is the traditional data warehouse dead?
Is the traditional data warehouse dead?James Serra
 
Visitor Management SOlution
Visitor Management SOlutionVisitor Management SOlution
Visitor Management SOlutionVIKAS MODI
 
Hospital Management System-out patient Detail
Hospital Management System-out patient DetailHospital Management System-out patient Detail
Hospital Management System-out patient DetailYogiji Creations
 
Designing the active directory logical structure
Designing the active directory logical structureDesigning the active directory logical structure
Designing the active directory logical structureJohn Carlo Catacutan
 
Understanding basics of software development and healthcare
Understanding basics of software development and healthcareUnderstanding basics of software development and healthcare
Understanding basics of software development and healthcareBharadwaj PV
 
Visitor Management System
Visitor Management SystemVisitor Management System
Visitor Management SystemRITESH HELONDE
 
Self Service Analytics and a Modern Data Architecture with Data Virtualizatio...
Self Service Analytics and a Modern Data Architecture with Data Virtualizatio...Self Service Analytics and a Modern Data Architecture with Data Virtualizatio...
Self Service Analytics and a Modern Data Architecture with Data Virtualizatio...Denodo
 
Hospital Management System SRS
Hospital Management System SRSHospital Management System SRS
Hospital Management System SRSChandresh Prasad
 
Software proposal sample_project_1-_web_site_development_by_zx_7_of_november_...
Software proposal sample_project_1-_web_site_development_by_zx_7_of_november_...Software proposal sample_project_1-_web_site_development_by_zx_7_of_november_...
Software proposal sample_project_1-_web_site_development_by_zx_7_of_november_...Oleg Zhuravlev
 
Managed it services
Managed it servicesManaged it services
Managed it servicesGss America
 
Event management system
Event management systemEvent management system
Event management systemShivamSagar13
 
ITS Managed Services Introduction
ITS Managed Services IntroductionITS Managed Services Introduction
ITS Managed Services IntroductionJorge Sebastiao
 
Loan Origination Reference Architecture Deep Dive
Loan Origination Reference Architecture Deep DiveLoan Origination Reference Architecture Deep Dive
Loan Origination Reference Architecture Deep DiveMike Walker
 
JIRA Service Desk presentation
JIRA Service Desk presentationJIRA Service Desk presentation
JIRA Service Desk presentationMarko Saha
 
Data Observability.pptx
Data Observability.pptxData Observability.pptx
Data Observability.pptxSonaSamad1
 

Tendances (20)

Bi 4.0 Migration Strategy and Best Practices
Bi 4.0 Migration Strategy and Best PracticesBi 4.0 Migration Strategy and Best Practices
Bi 4.0 Migration Strategy and Best Practices
 
Medeil - Pharmacy Management software
Medeil - Pharmacy Management softwareMedeil - Pharmacy Management software
Medeil - Pharmacy Management software
 
Is the traditional data warehouse dead?
Is the traditional data warehouse dead?Is the traditional data warehouse dead?
Is the traditional data warehouse dead?
 
Visitor Management SOlution
Visitor Management SOlutionVisitor Management SOlution
Visitor Management SOlution
 
Hospital Management System-out patient Detail
Hospital Management System-out patient DetailHospital Management System-out patient Detail
Hospital Management System-out patient Detail
 
Designing the active directory logical structure
Designing the active directory logical structureDesigning the active directory logical structure
Designing the active directory logical structure
 
Active Directory component
Active Directory componentActive Directory component
Active Directory component
 
Understanding basics of software development and healthcare
Understanding basics of software development and healthcareUnderstanding basics of software development and healthcare
Understanding basics of software development and healthcare
 
Visitor Management System
Visitor Management SystemVisitor Management System
Visitor Management System
 
Self Service Analytics and a Modern Data Architecture with Data Virtualizatio...
Self Service Analytics and a Modern Data Architecture with Data Virtualizatio...Self Service Analytics and a Modern Data Architecture with Data Virtualizatio...
Self Service Analytics and a Modern Data Architecture with Data Virtualizatio...
 
Hospital Management System SRS
Hospital Management System SRSHospital Management System SRS
Hospital Management System SRS
 
Software proposal sample_project_1-_web_site_development_by_zx_7_of_november_...
Software proposal sample_project_1-_web_site_development_by_zx_7_of_november_...Software proposal sample_project_1-_web_site_development_by_zx_7_of_november_...
Software proposal sample_project_1-_web_site_development_by_zx_7_of_november_...
 
Data warehouse proposal
Data warehouse proposalData warehouse proposal
Data warehouse proposal
 
Event management system
Event management systemEvent management system
Event management system
 
Managed it services
Managed it servicesManaged it services
Managed it services
 
Event management system
Event management systemEvent management system
Event management system
 
ITS Managed Services Introduction
ITS Managed Services IntroductionITS Managed Services Introduction
ITS Managed Services Introduction
 
Loan Origination Reference Architecture Deep Dive
Loan Origination Reference Architecture Deep DiveLoan Origination Reference Architecture Deep Dive
Loan Origination Reference Architecture Deep Dive
 
JIRA Service Desk presentation
JIRA Service Desk presentationJIRA Service Desk presentation
JIRA Service Desk presentation
 
Data Observability.pptx
Data Observability.pptxData Observability.pptx
Data Observability.pptx
 

Similaire à Roadmap to Healthcare HIPAA Compliance and Mobile Security for BYOD

SierraVMI Virtual Mobile Infrastructure (VMI). Android-based VDI.
SierraVMI Virtual Mobile Infrastructure (VMI). Android-based VDI.SierraVMI Virtual Mobile Infrastructure (VMI). Android-based VDI.
SierraVMI Virtual Mobile Infrastructure (VMI). Android-based VDI.Sierraware
 
Mobile Security for Banking and Finance
Mobile Security for Banking and FinanceMobile Security for Banking and Finance
Mobile Security for Banking and FinanceSierraware
 
Securing Mobile Healthcare Application
Securing Mobile Healthcare ApplicationSecuring Mobile Healthcare Application
Securing Mobile Healthcare ApplicationCitiusTech
 
Guide Preview: Ensuring your enterprise image-viewer if fully secure
Guide Preview: Ensuring your enterprise image-viewer if fully secureGuide Preview: Ensuring your enterprise image-viewer if fully secure
Guide Preview: Ensuring your enterprise image-viewer if fully secureCalgary Scientific Inc.
 
Bring Your Own Device 2014 TeamMate User Conference Palm Desert California
Bring Your Own Device 2014 TeamMate User Conference Palm Desert CaliforniaBring Your Own Device 2014 TeamMate User Conference Palm Desert California
Bring Your Own Device 2014 TeamMate User Conference Palm Desert CaliforniaJim Kaplan CIA CFE
 
Accellion - The European Information Security Summit, London
Accellion - The European Information Security Summit, LondonAccellion - The European Information Security Summit, London
Accellion - The European Information Security Summit, LondonProofpoint
 
IRJET - Human Identification using Major and Minor Finger Knuckle Pattern
IRJET -  	  Human Identification using Major and Minor Finger Knuckle PatternIRJET -  	  Human Identification using Major and Minor Finger Knuckle Pattern
IRJET - Human Identification using Major and Minor Finger Knuckle PatternIRJET Journal
 
IRJET- Human Identification using Major and Minor Finger Knuckle Pattern
IRJET- Human Identification using Major and Minor Finger Knuckle PatternIRJET- Human Identification using Major and Minor Finger Knuckle Pattern
IRJET- Human Identification using Major and Minor Finger Knuckle PatternIRJET Journal
 
Overview of Microsoft Enterprise Mobility & Security(EMS)
Overview of Microsoft Enterprise Mobility & Security(EMS)Overview of Microsoft Enterprise Mobility & Security(EMS)
Overview of Microsoft Enterprise Mobility & Security(EMS)Radhakrishnan Govindan
 
Ms810 assignment viruses and malware affecting moblie devices
Ms810 assignment viruses and malware affecting moblie devicesMs810 assignment viruses and malware affecting moblie devices
Ms810 assignment viruses and malware affecting moblie devicesrebelreg
 
A case study on BFSI and healthcare
A case study on BFSI and healthcare A case study on BFSI and healthcare
A case study on BFSI and healthcare Anubhuti Pandey
 
Security for Healthcare Devices – Will Your Device Be Good Enough?
Security for Healthcare Devices – Will Your Device Be Good Enough?Security for Healthcare Devices – Will Your Device Be Good Enough?
Security for Healthcare Devices – Will Your Device Be Good Enough?Walt Maclay
 
Security for Healthcare Devices - Will Your Device Be Good Enough?
Security for Healthcare Devices - Will Your Device Be Good Enough?Security for Healthcare Devices - Will Your Device Be Good Enough?
Security for Healthcare Devices - Will Your Device Be Good Enough?Rio Valdes
 
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ..."Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ...Health IT Conference – iHT2
 
Health Informatics- Module 5-Chapter 1.pptx
Health Informatics- Module 5-Chapter 1.pptxHealth Informatics- Module 5-Chapter 1.pptx
Health Informatics- Module 5-Chapter 1.pptxArti Parab Academics
 
Symantec Mobile Security
Symantec Mobile SecuritySymantec Mobile Security
Symantec Mobile SecurityArrow ECS UK
 
Mobile monday mhealth
Mobile monday mhealthMobile monday mhealth
Mobile monday mhealthJoe Drumgoole
 

Similaire à Roadmap to Healthcare HIPAA Compliance and Mobile Security for BYOD (20)

SierraVMI Virtual Mobile Infrastructure (VMI). Android-based VDI.
SierraVMI Virtual Mobile Infrastructure (VMI). Android-based VDI.SierraVMI Virtual Mobile Infrastructure (VMI). Android-based VDI.
SierraVMI Virtual Mobile Infrastructure (VMI). Android-based VDI.
 
Mobile Security for Banking and Finance
Mobile Security for Banking and FinanceMobile Security for Banking and Finance
Mobile Security for Banking and Finance
 
Securing Mobile Healthcare Application
Securing Mobile Healthcare ApplicationSecuring Mobile Healthcare Application
Securing Mobile Healthcare Application
 
Guide Preview: Ensuring your enterprise image-viewer if fully secure
Guide Preview: Ensuring your enterprise image-viewer if fully secureGuide Preview: Ensuring your enterprise image-viewer if fully secure
Guide Preview: Ensuring your enterprise image-viewer if fully secure
 
Bring Your Own Device 2014 TeamMate User Conference Palm Desert California
Bring Your Own Device 2014 TeamMate User Conference Palm Desert CaliforniaBring Your Own Device 2014 TeamMate User Conference Palm Desert California
Bring Your Own Device 2014 TeamMate User Conference Palm Desert California
 
Accellion - The European Information Security Summit, London
Accellion - The European Information Security Summit, LondonAccellion - The European Information Security Summit, London
Accellion - The European Information Security Summit, London
 
IRJET - Human Identification using Major and Minor Finger Knuckle Pattern
IRJET -  	  Human Identification using Major and Minor Finger Knuckle PatternIRJET -  	  Human Identification using Major and Minor Finger Knuckle Pattern
IRJET - Human Identification using Major and Minor Finger Knuckle Pattern
 
IRJET- Human Identification using Major and Minor Finger Knuckle Pattern
IRJET- Human Identification using Major and Minor Finger Knuckle PatternIRJET- Human Identification using Major and Minor Finger Knuckle Pattern
IRJET- Human Identification using Major and Minor Finger Knuckle Pattern
 
Overview of Microsoft Enterprise Mobility & Security(EMS)
Overview of Microsoft Enterprise Mobility & Security(EMS)Overview of Microsoft Enterprise Mobility & Security(EMS)
Overview of Microsoft Enterprise Mobility & Security(EMS)
 
Ms810 assignment viruses and malware affecting moblie devices
Ms810 assignment viruses and malware affecting moblie devicesMs810 assignment viruses and malware affecting moblie devices
Ms810 assignment viruses and malware affecting moblie devices
 
A case study on BFSI and healthcare
A case study on BFSI and healthcare A case study on BFSI and healthcare
A case study on BFSI and healthcare
 
Security for Healthcare Devices – Will Your Device Be Good Enough?
Security for Healthcare Devices – Will Your Device Be Good Enough?Security for Healthcare Devices – Will Your Device Be Good Enough?
Security for Healthcare Devices – Will Your Device Be Good Enough?
 
Security for Healthcare Devices - Will Your Device Be Good Enough?
Security for Healthcare Devices - Will Your Device Be Good Enough?Security for Healthcare Devices - Will Your Device Be Good Enough?
Security for Healthcare Devices - Will Your Device Be Good Enough?
 
MobileSecurity WhitePaper
MobileSecurity WhitePaperMobileSecurity WhitePaper
MobileSecurity WhitePaper
 
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ..."Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
"Case Studies from the Field: Putting Cyber Security Strategies into Action" ...
 
Health Informatics- Module 5-Chapter 1.pptx
Health Informatics- Module 5-Chapter 1.pptxHealth Informatics- Module 5-Chapter 1.pptx
Health Informatics- Module 5-Chapter 1.pptx
 
Module 6.pdf
Module 6.pdfModule 6.pdf
Module 6.pdf
 
Module 6.Security in Evolving Technology
Module 6.Security in Evolving TechnologyModule 6.Security in Evolving Technology
Module 6.Security in Evolving Technology
 
Symantec Mobile Security
Symantec Mobile SecuritySymantec Mobile Security
Symantec Mobile Security
 
Mobile monday mhealth
Mobile monday mhealthMobile monday mhealth
Mobile monday mhealth
 

Plus de Sierraware

Sierraware browser isolation
Sierraware browser isolationSierraware browser isolation
Sierraware browser isolationSierraware
 
Sierraware virtual phone
Sierraware virtual phoneSierraware virtual phone
Sierraware virtual phoneSierraware
 
Trustzone secure os tee for mips
Trustzone secure os tee for mipsTrustzone secure os tee for mips
Trustzone secure os tee for mipsSierraware
 
Moving Beyond MDM: Why Legacy Mobile Security Products Don't Work
Moving Beyond MDM: Why Legacy Mobile Security Products Don't WorkMoving Beyond MDM: Why Legacy Mobile Security Products Don't Work
Moving Beyond MDM: Why Legacy Mobile Security Products Don't WorkSierraware
 
Your Shortcut to BYOD Success
Your Shortcut to BYOD SuccessYour Shortcut to BYOD Success
Your Shortcut to BYOD SuccessSierraware
 
Mobile App Virtualization 101
Mobile App Virtualization 101Mobile App Virtualization 101
Mobile App Virtualization 101Sierraware
 
Cut BYOD Costs Using Virtual Mobile Infrastructure - VMI
Cut BYOD Costs Using Virtual Mobile Infrastructure - VMICut BYOD Costs Using Virtual Mobile Infrastructure - VMI
Cut BYOD Costs Using Virtual Mobile Infrastructure - VMISierraware
 
Sierraware ARM hypervisor
Sierraware ARM hypervisor Sierraware ARM hypervisor
Sierraware ARM hypervisor Sierraware
 

Plus de Sierraware (9)

Sierraware browser isolation
Sierraware browser isolationSierraware browser isolation
Sierraware browser isolation
 
Cloud gaming
Cloud gamingCloud gaming
Cloud gaming
 
Sierraware virtual phone
Sierraware virtual phoneSierraware virtual phone
Sierraware virtual phone
 
Trustzone secure os tee for mips
Trustzone secure os tee for mipsTrustzone secure os tee for mips
Trustzone secure os tee for mips
 
Moving Beyond MDM: Why Legacy Mobile Security Products Don't Work
Moving Beyond MDM: Why Legacy Mobile Security Products Don't WorkMoving Beyond MDM: Why Legacy Mobile Security Products Don't Work
Moving Beyond MDM: Why Legacy Mobile Security Products Don't Work
 
Your Shortcut to BYOD Success
Your Shortcut to BYOD SuccessYour Shortcut to BYOD Success
Your Shortcut to BYOD Success
 
Mobile App Virtualization 101
Mobile App Virtualization 101Mobile App Virtualization 101
Mobile App Virtualization 101
 
Cut BYOD Costs Using Virtual Mobile Infrastructure - VMI
Cut BYOD Costs Using Virtual Mobile Infrastructure - VMICut BYOD Costs Using Virtual Mobile Infrastructure - VMI
Cut BYOD Costs Using Virtual Mobile Infrastructure - VMI
 
Sierraware ARM hypervisor
Sierraware ARM hypervisor Sierraware ARM hypervisor
Sierraware ARM hypervisor
 

Dernier

Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructureitnewsafrica
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024TopCSSGallery
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 


Roadmap to Healthcare HIPAA Compliance and Mobile Security for BYOD

  • 1. Your Roadmap to Healthcare Security and BYOD
  • 2. Healthcare Security Checklist: Protect PHI: mitigate BYOD risks; apply dual factor authentication; encrypt PHI data. Develop repeatable processes for compliance. Implement procedures and technologies.
  • 3. Healthcare Security Risks: 96% of healthcare providers had one or more data breaches in the past 2 years [1]. Data Loss: 68% of healthcare breaches are due to lost or stolen mobile devices or files [2]. Impact of BYOD. Sources: [1] Dell Secureworks; [2] 2014 Healthcare Breach Report.
  • 4. BYOD: A Reality for Healthcare Providers. Healthcare IT is already rolling out mobile apps to improve productivity and patient care: 2 out of 5 doctors already use mobile devices during consultations [1]. Yet mobility also presents a threat… 3.1M smartphones were stolen in the U.S. in 2013 [1]. Source: [1] Dell SecureWorks
  • 5. Top Mobile Risks for Healthcare: Lost mobile devices; stolen mobile devices; downloading of viruses and malware; unintentional disclosure to unauthorized users; unsecure Wi-Fi networks. Source: HealthIT.gov, Mobile Devices: Know the Risks
  • 6. 5 Pillars of Healthcare Security. Technical safeguards defined by the U.S. Department of Health & Human Services: Access Control, Audit Control, Transmission Security, Integrity, Person or Entity Authentication. 1. Access Control: Limit users' rights to business need-to-know: Unique User Identification; Emergency Access Procedure; Automatic Logoff; Encryption and Decryption.
  • 7. 5 Pillars of Healthcare Security. 2. Audit Control: Implement hardware, software, or procedural mechanisms that record and examine access to ePHI.
  • 8. 5 Pillars of Healthcare Security. 3. Integrity: Implement policies and procedures to protect ePHI from improper alteration or destruction.
  • 9. 5 Pillars of Healthcare Security. 4. Person or Entity Authentication: Verify that users seeking access to ePHI are who they say they are: biometric, smartcard, PIN/passcode, token.
  • 10. 5 Pillars of Healthcare Security. 5. Transmission Security: Prevent unauthorized access to ePHI that is being transmitted over a network. Integrity: Prevent modification or tampering of ePHI data in transit. Encryption: Encrypt ePHI whenever appropriate.
  • 11. BYOD Challenges the 5 Pillars of Security. Audit Control: Difficult to audit mobile activity since doctors may share PHI with patients via email or text messaging apps. Person or Entity Authentication: Every app may have different authentication methods; they may not support biometric or PIN/passcode methods. Transmission Security: Mobile apps may not use stringent SSL ciphers or even encrypt data at all. Access Control: IT must define distinct policies for different users, mobile apps and devices, a management nightmare. Integrity: Controls must be applied to prevent accidental deletion or alteration of PHI from mobile devices.
  • 12. Risks of Uncontrolled Devices: Weak encryption; no support for strong authentication; unpatched application; stores PHI on phone; no auditing of user access; unpatched phone OS. In violation of HIPAA compliance requirements.
  • 13. IT Management and Training. IT will likely need to help doctors install mobile apps; they may also need to assist users through upgrades. If apps vary by device, IT will need to provide separate app training for Apple, Android, Microsoft or HTML5 users.
  • 14. Mobile Device Management Not Working. 20% of enterprise BYOD programs will fail due to MDM measures that are too restrictive [1]. For Employees: 43% worry that employers could access personal data [2]; 30% are concerned their employer could control their personal device [2]. For IT Teams: 30% say MDM is more difficult to use than they anticipated [1]. Sources: [1] 2014 MDM research report by ESG; [2] 2014 Employee BYOD Survey by Zixcorp; [3] Gartner 2014 Mobility Predictions; original quote spelled out BYOD and MDM.
  • 15. VDI Isn’t the Solution for BYOD. Expensive. VDI Shortcomings: Not designed for touch; no multimedia redirection; no access to camera, printer, video, GPS. Total cost for Microsoft VDI, Citrix, and hardware is $1,000+ per user [1]. Not designed for cellular edge, 3G networks. Requires High Bandwidth. Designed for Windows. Source: [1] Microsoft Desktop OS $187 per user, Citrix $300/user.
  • 16. The Roadmap for Healthcare Security Requires… Virtual Mobile Infrastructure
  • 17. Virtual Mobile Infrastructure (VMI). VMI is a service that hosts mobile apps or full operating systems on remote servers. Provide remote access to: Android, Apple iOS and Windows Phone with client apps; any HTML5-enabled device. Centralize app management to: eliminate the need to install and upgrade apps on every device.
  • 18. VMI Benefits for Healthcare Providers: Stop data loss by preventing users from downloading data to their device. Lower IT costs by eliminating mobile app management per device. Extend mobile access to all users and devices with an HTML5 browser. Meet compliance by monitoring data access.
  • 19. SierraVMI Keeps PHI Data Safe. SierraVMI Shields Healthcare Data: 4096-bit ECDHE Encryption; dual factor authentication. SierraVMI: records healthcare app access; stores app data securely in the data center; IT can centrally upgrade mobile apps. (Diagram label: Medical professional)
  • 20. SierraVMI Deployment (diagram): SierraVMI hosted in Secure Data Center; Authentication Server; Laptop, Tablet, Phone; Databases with PHI data
  • 21. Mobile App Virtualization Architecture (diagram): Android VM; Kernel; Multi-User Android Runtime; VMI Security Gateway; Pharma App, Patient Messaging App, PHI App (each in a Firefall container); Clients; Authentication Server. Benefits: Very high density; apps can share resources like CPU; easy to manage; no need for expensive storage.
  • 22. Monitor User and Application Activity: Dashboard of system status; detailed logs of user activity; geo-tracking
  • 23. User Monitoring: Record user sessions for forensics; allow admins to view up to 8 active sessions
  • 24. Prevent Data Loss. Watermarking deters users from photographing screens: watermark all content including documents, video, pictures with no additional overhead. Anti-screen capture prevents users from taking screenshots. With VMI, no data is downloaded to the phone: users cannot copy and paste text.
  • 25. Strong Authentication. Prevent unauthorized access with: client certificates; one-time password (sent via text message); restricting access based on geographic location; brute force login protection. Ensure only legitimate users access your data.
  • 26. Single Sign-on to Streamline Management. Directory Services Integration: Integrate with LDAP, Active Directory or SAML; access email, calendar, contacts, and business apps without needing to re-authenticate; automate app provisioning. IT Cost Reduction: Reduce IT helpdesk calls due to forgotten passwords; improve user experience by eliminating extra login steps.
  • 27. Simplify and Secure Mobile App Management. Centralized data storage: prevent data loss from device theft. Centralized patch management: eliminate concerns of devices with vulnerable or unpatched software. Regularly scan Android server for viruses and vulnerabilities.
  • 28. SierraVMI Benefits for Healthcare. Compliance: Ensure privacy and prevent data loss. Security: Strong authentication, 4096-bit encryption. Scalability: High user density, high performance.