"It is clear that there is a growing chasm between healthcare providers that view mobile as just another communication channel and those that are using mobile solutions to transform the way they provide care."
Andrew Milburn, PA MOBILE business EXPERT
Organisations are enthusiastically pursuing the opportunities modern mobile solutions offer. All too often, the security aspects are forgotten or become an after thought, leading to serious risks, delivery delays and unnecessary expense. Organisations can avoid this happening by asking two key questions early on - what do we need to protect and what do we need to protect it from?
One of the most valuable assets an organisation possesses is its information. When introducing a mobile solution, a detailed view needs to be in place as to what information assets are used and what the value is. This gives the basis of what needs to be protected - whether that is data:
available on a device
a device can create or
a device can access.
The security threats a mobile solution is exposed to vary significantly based on the device(s) in use, the environment it is used in and how users interact day-to-day. While there is no standard set of threats, there are six key themes of vulnerability that must be explored for every solution:
Threat to the data ‘in flight’: each network a device passes data through (mobile network, internet, VPN etc) carries a risk of information being intercepted (so effectively lost) or being spooked (i.e. generating false records)
Threat to the data ‘at rest’: if the device were to fall in to the wrong hands, data that is physically stored could be retrieved. Simply encrypting the data is rarely enough
Threat from unauthorised access: possession of a device can give a malicious user an easy route to access information stored on the organisations back-end systems - for example, through unauthorised use of applications or by the devices status as a trusted connection
Threat from network attacks: as with any other network attached device, it as at the mercy of attacks from other users of the network. The more connections in use (GPRS, WiFi etc.), the greater the exposure. The vulnerabilities often come from the operating system itself. This is risk compounded by the diverse and rapidly evolving nature of mobile operating systems
Threat from malicious software: mobile operating systems are increasingly treating installed applications with a higher level of trust. While this allows greater functional richness, it increases the possibility for viruses or maliciously targeted software to create problems
Threat from legitimate users: whether intentionally or accidentally, users need to be prevented from having opportunity to circumvent or disable the security mechanisms put in place.
Security must become one of the key design considerations for a mobile solution. By asking the right questions (what to protect and what to protect from) at the right time, the technologies and mechanisms most appropriate for the solution can be selected - protecting what is most important without wasting money on areas that don't address the core threats.
To find out how our mobile business team can help you create a robust mobile strategy, please contact us now.