After initial resistance, IT realized that by supporting mobility they were supporting user productivity. And thus an established industry of mobile device management solutions was born, allowing IT to create policies and strike a balance between data security and mobility.
Today, the Internet of Things (IoT) is shaking things up and forcing IT to face the paradox of security/flexibility once again. Experts predict that by 2020, the market for the Internet of Things will be worth $1 trillion with 50 billion connected devices globally – and only a fraction of them will be traditional mobile devices.
The IoT in Healthcare is already expanding far beyond laptops and smartphones. Almost every medical device can be improved with internet connectivity. But beyond the initial wave of innovation and the increase in connected devices lies an ever-growing mass of big data.
While the benefits of the IoT in Healthcare are indisputable, there is genuine concern about the lack of standards and regulations governing the devices, the difficulty in managing them like other managed devices, and most importantly – how Healthcare IT is safeguarding the data these devices contain and communicate.
Standards for IoT
Like any new technology, IoT devices are developing much faster than industry standards, though regulators and industry alliances are already working to bridge the gap. The US Federal Trade Commission (FTC) and the European Commission are currently examining issues around security and privacy and attempting to draft standards to which IoT vendors can adhere.
IoT industry collaboration groups such as the AllSeen Alliance, the Industrial Internet Consortium (IIC), and the Open Interconnect Consortium (OIC) are helping to define the wireless connectivity requirements of IoT devices. These organizations work towards ensuring interoperability between devices, regardless of form factor, operating system or provider. They are also attempting to define certification requirements and compliance testing.
New standards and regulations around the IoT will likely mean equal measures of pain and pleasure for IT managers. But these changes will ultimately result in a secure, manageable and sustainable environment of connected, intelligent devices. Standards and regulations will also provide organizations with clarity when it comes to staying on the right side of regulatory compliance.
Managing the “things”
There are some disconcerting stories of Shadow IT (IoT devices existing undetected in a seemingly managed environment), but don’t let these exceptions influence best practices. Conduct risk assessments on your current and planned IoT environments and understand how the devices are communicating, then formalize a plan of action to ensure your networks and data are secure.
The good news is that many of the challenges that IT addressed during the mobile revolution also apply to the IoT. Healthcare IT already has an arsenal of tools to maintain compliance with data security regulations. Along with encryption of data in motion and at rest, encryption of hardware, and airtight BYOD policies, here are some further steps you can take to mitigate the risk of the IoT.
Tips to mitigate risk
- Get to know your “Things.” Analyze the data generated by your IoT devices to understand how they communicate. Use a sandboxed network with only outbound connections for each device and close off debug access points that are often manipulated by hackers.
- Keep networks separate. We live in a world where Wi-Fi is everywhere – even patients expect internet access. Create subnetworks for visitors and patients and limit guest activity to the browser. This will effectively containerize your important business applications and internal communications networks and separate them from public traffic.
- Secure IoT devices by applying the same security principles you apply to traditional and mobile devices – authentication, encryption, and practices such as automated software patching. Also, check with your IoT vendors to ensure your IoT devices have a secure mechanism to update their firmware remotely.
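As an added illustration of the first two tips (this code is not part of the original article), the sketch below audits connection records against an outbound-only IoT segment and a separated guest network. The address plan, the per-device allowlist and the sample flows are all constructed assumptions.

```python
import ipaddress

# Assumed address plan (hypothetical; substitute your own subnets).
SEGMENTS = {
    "iot": ipaddress.ip_network("10.20.0.0/24"),
    "guest": ipaddress.ip_network("10.30.0.0/24"),
    "clinical": ipaddress.ip_network("10.10.0.0/24"),
}
# Per-device outbound baseline learned by observing each device (constructed).
OUTBOUND_ALLOW = {
    "10.20.0.11": {("203.0.113.10", 443)},   # pump -> vendor telemetry
    "10.20.0.12": {("203.0.113.20", 8883)},  # monitor -> MQTT over TLS
}

def segment_of(addr):
    ip = ipaddress.ip_address(addr)
    return next((n for n, net in SEGMENTS.items() if ip in net), "external")

def audit(flows):
    """Return (reason, flow) per violation; flow = (initiator, responder, port)."""
    findings = []
    for src, dst, dport in flows:
        s, d = segment_of(src), segment_of(dst)
        if d == "iot":  # outbound-only sandbox: nothing may connect in
            findings.append(("inbound connection into IoT segment", (src, dst, dport)))
        elif s == "iot" and src not in OUTBOUND_ALLOW:
            findings.append(("unregistered device in IoT segment", (src, dst, dport)))
        elif s == "iot" and (dst, dport) not in OUTBOUND_ALLOW[src]:
            findings.append(("IoT outbound to unlisted destination", (src, dst, dport)))
        elif s == "guest" and d not in ("external", "guest"):
            findings.append(("guest traffic reaching internal segment", (src, dst, dport)))
    return findings

# Constructed sample flows (documentation address ranges for external hosts).
SAMPLE_FLOWS = [
    ("10.20.0.11", "203.0.113.10", 443),   # expected telemetry
    ("10.20.0.12", "203.0.113.20", 8883),  # expected telemetry
    ("10.10.0.5", "10.20.0.11", 23),       # Telnet into a device
    ("10.20.0.12", "198.51.100.7", 80),    # destination not in baseline
    ("10.30.0.40", "10.10.0.5", 445),      # guest reaching clinical host
    ("10.30.0.40", "192.0.2.80", 443),     # guest browsing, allowed
    ("10.20.0.99", "203.0.113.10", 443),   # device nobody registered
]

if __name__ == "__main__":
    for reason, flow in audit(SAMPLE_FLOWS):
        print(f"{reason}: {flow}")
```

The same rules, once validated against real flow logs, can be turned into firewall or ACL entries so the policy is enforced rather than only observed.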
Smart processes pave the way for smart devices
For healthcare IT and administration, perhaps it is less about predicting what’s next and more about being properly prepared to accommodate future devices and the security and compliance issues that surround them.
Follow IT management best practices including laying the foundation for the infrastructure and putting in place the compliance and security processes to support change, from device management to network access. And – most importantly – focus on data security, particularly around patient and employee information. Then when new healthcare devices come along, IT will be ahead of the game.