Readers’ Poll – Remote Access VPN Solutions
Posted: May 18, 2012 in Readers' Poll. Tags: enterprise security, IPsec, remote access, remote desktop, SSL, VPN
Making Mobile Health Possible, Part 2
Posted: May 17, 2012 in HIPAA, Mobile, Rethink Remote Access. Tags: healthcare, IT security, mobile, mobile devices, mobile health, Mobile Security
Earlier this week, we explored the innumerable medical breakthroughs that could stem from mobile health innovations. Today, let’s consider the security considerations to enable this.
Security Must Be Paramount
Yet, considering how sensitive and valuable medical information is, proper precautions must be taken to secure this data before mobile health can become mainstream. For instance, if hackers or disloyal employees scan or manipulate health data that is sent via mobile applications, the consequences can range from embarrassment to, frankly, death. It’s easy to understand why ensuring these connections are secure is absolutely critical.
Mobile health, however, requires special VPN functionality. For instance, it requires both extremely high security and flexibility. After all, a healthcare application might use a potentially insecure public Wi-Fi network to communicate with the IT system of a hospital or a medical office. In order to maintain security in such a scenario, the VPN client must be able to automatically adapt to these security settings.
The same requirements apply to smartphones and tablets used by nurses in elderly or outpatient care. Such solutions relay patient information—from homes or hospitals—onto the central database, typically via a VPN connection. And so again, the VPN connection must be able to flexibly adapt to various network connections, given some amount of unpredictability in the locations. Also, considering that many healthcare workers are not trained in technology, the VPNs must be easy to use, so convenience is not traded for security.
There’s no doubt mobile health offers innumerable opportunities to lower the cost of healthcare and infinitely improve efficiencies and convenience. The question is, can we ensure that this is done securely?
Making Mobile Health Possible, Part 1
Posted: May 15, 2012 in Rethink Remote Access, HIPAA, Mobile. Tags: mobile devices, mobile, mhealth, mobile health, Mobile Security
It’s no secret that healthcare is going mobile. According to a recent survey of 250 mobile executives from around the world, 78% said they consider the healthcare vertical to have the most to gain from 4G connectivity. Yet, with the increasing dominance of open platforms, like Android, and the huge diversity of mobile devices, maintaining mobile health security will be an ongoing challenge for healthcare organizations.
This year, a study by Boston Consulting Group and telecommunications company Telenor found that the implementation of mobile health could lower costs of caring for the elderly by 25%, while potentially reducing caretaking costs for the chronically ill by up to 75%, by reducing the amount of in-person medical consultations. Not only would mobile health significantly lower the number of doctor visits required for care, but it could also ensure an overall more integrated and seamless caregiving process.
For instance, consider smartphone apps that can communicate directly with medical personnel or close family members so that vital signs for chronically ill patients can be monitored—and assistance can be offered—in the event of an emergency. This would help lighten the burden on caregivers, enabling them to stay connected with patients and be alerted to any health changes. Beyond this, mobile health has tremendous potential to enable doctors to collaborate on care, accelerate the diagnosis process and much more.
But what about mitigating the security risks around mobile health? We’ll look into that in part two – stay tuned.
ITKnowledgeExchange, Mobile spending trumps all, seeding a business revolution
CIO, VMware Going ‘All In’ with BYOD
Network World, iOS vs. Android in the enterprise
ZDNet UK, IPv6 Security: What you need to know
By Joe Schembri
Last week, I explained why secure remote access is so vital. This week, let’s consider the checklist of must-haves for any remote access policy.
Remote Access Policy Security Checklist
- Antivirus software with real-time protection enabled - Make sure company-approved antivirus software is included on all remote access devices and set to update regularly.
- Required personal firewall - In addition to antivirus software, a personal firewall should be configured and enabled on all remote devices. If a threat is detected, all communications should be blocked.
- Defined operating systems - Only allowed operating systems should be able to connect to the corporate network. If your company only uses and supports Windows computers, you should disallow *nix, Macs, etc.
- Time-out periods - Should be defined and take effect when there is no activity on the computer. If there is no activity for 30 minutes, for example, enforce a policy so the connection terminates. Be careful to test and make sure a download or upload counts as activity.
- Targeted access to systems while on VPN - Only allow access to necessary internal resources. If a department only accesses one application on your internal network, only provide them with access to that application.
- Non-Disclosure Agreement - Vendors, third party companies, and even employees should sign an NDA in order to gain remote access. This will help protect any confidential information.
What’s on your secure, remote access checklist?
Joe Schembri has over 10 years of IT and IT security experience and currently works with Villanova University’s online IT security training programs, including the CISSP certification prep program.
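The checklist above can be enforced as an admission check plus per-session rules. The sketch below is an added example, not code from the post or from any VPN product; the field names, the 7-day signature age, and the department-to-service map are assumptions made for illustration. It shows the idle timer treating tunnel traffic as activity, so a long download is not cut off.

```python
from dataclasses import dataclass

# All values below are constructed for illustration, not taken from a real product.
ALLOWED_OS = {"windows"}                    # the post's Windows-only example
IDLE_LIMIT_S = 30 * 60                      # the post's 30-minute example
MAX_AV_SIGNATURE_AGE_DAYS = 7               # assumption: what "update regularly" means
DEPT_ACL = {"billing": {"10.0.5.20:443"}}   # department -> reachable internal services

@dataclass
class Posture:
    os: str
    av_realtime: bool
    av_signature_age_days: int
    firewall_enabled: bool
    nda_signed: bool

def admission_violations(p: Posture) -> list[str]:
    """Return every checklist item the device fails; an empty list means admit."""
    v = []
    if p.os.lower() not in ALLOWED_OS:
        v.append(f"os not allowed: {p.os}")
    if not p.av_realtime:
        v.append("antivirus real-time protection off")
    if p.av_signature_age_days > MAX_AV_SIGNATURE_AGE_DAYS:
        v.append("antivirus signatures stale")
    if not p.firewall_enabled:
        v.append("personal firewall disabled")
    if not p.nda_signed:
        v.append("no NDA on file")
    return v

@dataclass
class Session:
    dept: str
    last_activity: float = 0.0
    tunnel_bytes: int = 0

    def observe(self, now: float, user_input: bool, tunnel_bytes_total: int) -> None:
        # A download or upload moves the tunnel byte counter, so it counts as
        # activity even when there is no keyboard or mouse input.
        if user_input or tunnel_bytes_total != self.tunnel_bytes:
            self.last_activity = now
        self.tunnel_bytes = tunnel_bytes_total

    def should_terminate(self, now: float) -> bool:
        return now - self.last_activity >= IDLE_LIMIT_S

    def may_reach(self, dest: str) -> bool:
        # Default deny: unknown departments and unlisted services get nothing.
        return dest in DEPT_ACL.get(self.dept, set())
```
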

