I’ve written many times about the Bring Your Own Device movement (BYOD) and the need for increasing security controls. 
For years, we’ve controlled device settings on BlackBerry devices with the BlackBerry Enterprise Server (BES). We force passwords, encryption, and device memory wipes after ten failed password attempts so that every user has enterprise-enforced security.
With iPhones and Android devices it’s harder to control settings and behavior on personal equipment.
We think the best we can do within the limitations of present server-side technology is to enforce the use of passwords on all devices using ActiveSync, require a timeout of 10 minutes, and eliminate the use of the simplest passwords (1234, 1111, etc.). Microsoft Exchange/ActiveSync can query the device for the settings currently in place and only synchronize email if the device adheres to enterprise security policies.
We’ll eliminate support for POP and IMAP protocols because these cannot be used to inspect and enforce desirable device settings.
We’ve debated the use of settings that automatically wipe the device after 10 failed password attempts, as we do with BlackBerry. However, given that we cannot selectively purge corporate versus personal data, we’ll likely avoid that setting for now.
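The settings described above, written as Exchange Management Shell commands. This is an added example, not the author's own configuration: the policy name is hypothetical, and it assumes the Exchange 2013+/Exchange Online cmdlet names (Exchange 2010 uses New-ActiveSyncMailboxPolicy with Device-prefixed parameters such as -DevicePasswordEnabled).

```powershell
# Added example. Assumes an Exchange Management Shell session on
# Exchange 2013+ or Exchange Online. 'BYOD-Baseline' is a hypothetical name.
$policy = 'BYOD-Baseline'

# Passcode required, trivial passcodes (1234, 1111) rejected, 10-minute lock.
# MaxPasswordFailedAttempts stays Unlimited: no automatic wipe, because a
# device wipe cannot separate corporate from personal data.
# AllowNonProvisionableDevices $false blocks sync for devices that cannot
# apply and report these settings.
New-MobileDeviceMailboxPolicy -Name $policy `
    -PasswordEnabled $true `
    -AllowSimplePassword $false `
    -MaxInactivityTimeLock 00:10:00 `
    -MaxPasswordFailedAttempts Unlimited `
    -AllowNonProvisionableDevices $false

# Assign the policy to every mailbox and turn off POP and IMAP, which
# cannot inspect or enforce device settings.
Get-CASMailbox -ResultSize Unlimited |
    Set-CASMailbox -ActiveSyncMailboxPolicy $policy `
        -PopEnabled $false `
        -ImapEnabled $false

# Check 1: confirm the policy holds the intended values.
Get-MobileDeviceMailboxPolicy -Identity $policy |
    Format-List Name, PasswordEnabled, AllowSimplePassword,
        MaxInactivityTimeLock, MaxPasswordFailedAttempts,
        AllowNonProvisionableDevices

# Check 2: list any mailbox that still accepts POP or IMAP.
Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.PopEnabled -or $_.ImapEnabled } |
    Select-Object Name, PopEnabled, ImapEnabled
```

An empty result from the second check means no mailbox is reachable over a protocol that bypasses the device policy.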
BYOD management is a journey. Server-side tools that inspect personal devices and only allow synchronization of corporate data such as email when settings are consistent with policies seem like a cool solution.
In the future, we may add client software (Mobile Device Management) to each device to provide more control over encryption on Android devices and permit selective memory wiping of corporate data.
I welcome comments on what others have done. BYOD is here to stay. Compliance and IT departments need to collaborate on a set of policies and technologies that will meet the needs of regulatory requirements while maintaining service capabilities and user productivity.

By Dr. John D. Halamka
Dr. John D. Halamka is chief information officer and dean for technology at Harvard Medical School who writes at Life as a Healthcare CIO.











Thanks, different security systems and measures are developed and applied to mobile, from security in different layers of software to dissemination of information to end users.
http://www.i2k2.com/
Thanks, Dr. John D, for the awesome write-up on BYOD! BYOD is the acronym for bring your own device, which is helpful to increase security control. Thanks! :)
That last comment posted by mistake... As I was mentioning, other institutions are adopting Good for their Exchange data. And there are also many MDM solutions available, which enable you to wipe specific apps (and their data) without wiping the entire device. For real-time messaging there are many alternatives including our Care Thread platform. We store no data on local devices - so nothing needs to be wiped in response to a breach. And unlike other non-clinical solutions, we integrate with hospital ADT systems so messages can be associated with patients, and care teams can quickly see which providers are caring for their patients, ensuring that the right information goes to the right provider. We're already pursuing a research grant with clinicians at the Brigham, so we can easily integrate with the Partners SOA.
We've talked with a New England health center using are using Good for Enterprise for
TigerText is a secure mobile messaging platform that offers a solution to this problem by allowing healthcare enterprises to create a private and secure mobile messaging network with their employees’ smartphones. It offers a controlled platform that is HIPAA compliant and replaces the unsecured SMS text message that leaves protected health information and other confidential data at risk. The speed, compatibility, and ease of TigerText increase workflow and physician and nurse satisfaction. Users can communicate from any computer or smartphone with key features that include an integrated company directory, delivery and read notifications, user-controlled message lifespan, group messaging, and file sharing. Administrators have control of their network with the ability to manage their users’ settings, which include an option to require a pin lock for users, as well as a remote wipe option to remove all messages from a user’s phone. You can visit www.tigertext.com for more information on this enterprise solution.
Dr. Halamka. As the CEO of a mobile data loss prevention (DLP) company addressing the needs of the Enterprise to allow the enabling of BYOD, I thought your comments were right on target. We're developing a unique mobile DLP capability for Android (initially) which manages and protects enterprise data via controlling the apps which have access to (and can "do things with") that data. We have an end-to-end solution, comprising device-side software that executes policies it receives from our security management console. The device-side software is available on Google Play and the Amazon Appstore for Android (optimized for the Kindle Fire). The security management console will be available at the beginning of July (in beta). Would welcome the opportunity to include your organization in our (free) beta program.