CoITus {TASK.to September 2012}
1. CoITus
A look at the business, technical and regulatory challenges encountered in
a real-life BYOD initiative
2. Setting
Healthcare organization
• Broader provincial public service
• Provider of common infrastructure and key clinical application to a
federation of organizations across the province
3. Pressures
Department Managers showing up with iPads
Privacy/Security reaction to the above
Preponderance of tablet app stories within the health care sector
Reality of working in hospital ward rooms
4. Boys and their toys
Influential managers start bringing their personal devices to the
office, getting wireless access and connecting to the mail system
Initial reaction from Privacy/Security: “No!”
Initial reaction from infrastructure: “How and why?”
• Horrid reality of mail system configuration
• Horrid reality of access to internal wireless
5. Boys and their toys (How)
Turns out the mail system (hosted by an external party) was
configured differently than we were led to believe or remembered
hearing about
• That’s code for the “barn doors never actually closed and the horses
have been running for quite some time”
The authentication required for wireless access was a satisficing solution
• Stronger options were available, but underlying infrastructure
components to support these were not in place
6. Boys and their toys (Why)
Fact: managers who spend all day in meetings don’t like lugging
Windows notebooks around all day (no real surprise)
Also turns out that Tablet PC hardware doesn’t cut the mustard
either (also not a surprise)
Is there a business case here? Perhaps, perhaps not
7. The big “No!”
Privacy/Security had legitimate worries about the nature of data
being circulated through email
There were deemed to be compensating controls on managed
endpoints, including drive encryption and destruction protocols
No real controls of any sort on these “new” endpoints*
*future investigation would reveal that this was anything but new
8. The big “No!”
Privacy/Security raised legitimate (at the time) concerns over the
encryption capabilities of these devices
Also, concerns over jailbreaks
• Exacerbated by security illiteracy, to wit: “jailbreaking will be
impossible in the next version; the vendor says so, it must be true.”
• Vendors were dropping jailbreak detection features
9. Everybody else is doing it
A glut of stories of tablet “successes” within the sector
Interest of upper management is piqued
Many of these cause concerns as we dug deeper
• Clinical apps developed by students
• Device & data management details are either unavailable or very, very
sketchy
• Uncertainty as to how the then-current hardware and software
complied with PHIPA (Ontario’s Personal Health Information Protection Act) orders for the encryption of mobile devices
• Not a lot of sharing in the community about these initiatives
10. Everybody else is doing it
Warning: this slide consists of editorial commentary
Consensus in working group re: mobile app security in healthcare:
many talking, few doing, surpassing few doing well
11. The business has a problem
One of the federated agencies came to the table with a request to
tablet-ify one of the key systems in use province wide
Not technically clinical data, though still dealing with PHI
Vendor already had iOS version in the works
New product manager had come on board with mobile solution in
portfolio
CIO made mobile management a priority
12. The business has a problem
The root of the issue in the field was space
• Ever been in a hospital ward room?
• Would you want to lug a laptop around and try to use it bedside?
Tablet form factor, weight and touch interface offered significant
improvements for field staff
Infection protocols taken care of; there were already wraps on the
market for tablets
• Easier to bring into compliance than traditional notebooks
13. The big “No!” redux
Serious privacy concerns with respect to integrated cameras
• Notebooks issued never had webcams for this reason
Concerns with voice recognition features shipping data hither and
yon
• Which they do in fact do… sometimes in plain text
“No apps!”
14. The big “No!” redux
That’s right.
“No apps!”
As a modern mobile device policy
This wasn’t even enforced on the BlackBerry fleet
• Editorial: not that anyone would’ve wept over losing access to App
World
15. The business wants solutions
The mobile app project was in flight, with executive approval
The missing piece for privacy/security approval was management
of devices
• Essentially BES (BlackBerry Enterprise Server) for non-BlackBerry devices
MDM became a priority
16. Management requirements
Stronger identity for network access
Application deployment
Application control
Device inventory
Enforce encryption
Remote wipe
17. Challenges
Consistency of capability is a problem… for some platforms
Managing Apple is easy
Managing Android is getting better (the slide strikes out: “will make you
pull your hair out and drink blood from human skulls while you plot the
annihilation of all life”)
Managing Windows Phone 7…
Managing Symbian…
18. Challenges
Why care about all of these platforms?
They all showed up in the web logs of the mail server
BYOD was, effectively, already happening
There was no “pay to play”
No idea what was on the WLAN…
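The point above, that the platforms already in use can be read straight out of the mail server’s web logs, as an added example that is not from the original deck: a Python script that parses constructed access-log lines for an Exchange ActiveSync endpoint and builds a per-platform, per-user device inventory from the DeviceType, DeviceId and User query parameters, falling back to the User-Agent when the DeviceType is generic. The log format (Apache combined), the endpoint path, and every user name, device identifier and address are assumptions made for illustration.

```python
"""Inventory of mobile platforms syncing mail, built from web server access
logs.  Added example; the log lines below are constructed, not real data."""
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Apache combined log format:
# ip ident user [ts] "method path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample (assumption: an Exchange ActiveSync endpoint behind a web
# server that records the User-Agent).  Users, device IDs and IPs are made up.
SAMPLE_LOG = """\
10.1.20.14 - - [12/Sep/2012:08:01:12 -0400] "POST /Microsoft-Server-ActiveSync?Cmd=Sync&User=jsmith&DeviceId=ApplF17K1AB2DNCV&DeviceType=iPad HTTP/1.1" 200 1834 "-" "Apple-iPad2C1/902.206"
10.1.20.14 - - [12/Sep/2012:08:01:40 -0400] "POST /Microsoft-Server-ActiveSync?Cmd=Ping&User=jsmith&DeviceId=ApplF17K1AB2DNCV&DeviceType=iPad HTTP/1.1" 200 22 "-" "Apple-iPad2C1/902.206"
10.1.33.7 - - [12/Sep/2012:08:03:05 -0400] "POST /Microsoft-Server-ActiveSync?Cmd=FolderSync&User=mlee&DeviceId=androidc1234567890&DeviceType=Android HTTP/1.1" 200 540 "-" "Android/4.0.4-EAS-1.3"
192.0.2.45 - - [12/Sep/2012:08:04:51 -0400] "POST /Microsoft-Server-ActiveSync?Cmd=Sync&User=rpatel&DeviceId=9C3A4B8D2E1F&DeviceType=WP HTTP/1.1" 200 912 "-" "MSFT-WP/7.10.7720"
198.51.100.9 - - [12/Sep/2012:08:06:33 -0400] "POST /Microsoft-Server-ActiveSync?Cmd=Sync&User=kwong&DeviceId=3530000123456&DeviceType=NokiaE72 HTTP/1.1" 200 601 "-" "MailforExchange/2.9.158"
10.1.20.88 - - [12/Sep/2012:08:07:10 -0400] "GET /owa/ HTTP/1.1" 200 7721 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/5.0)"
203.0.113.22 - - [12/Sep/2012:08:09:27 -0400] "POST /Microsoft-Server-ActiveSync?Cmd=Sync&User=jsmith&DeviceId=androidc99887766&DeviceType=Android HTTP/1.1" 200 1200 "-" "Android/2.3.6-EAS-1.3"
10.1.20.14 - - [12/Sep/2012:08:11:02 -0400] "POST /Microsoft-Server-ActiveSync?Cmd=Sync&User=jsmith&DeviceId=ApplF17K1AB2DNCV&DeviceType=iPad HTTP/1.1" 200 1834 "-" "Apple-iPad2C1/902.206"
"""

# (prefix of DeviceType or User-Agent, platform); first match wins.
PLATFORM_HINTS = [
    ("iPad", "iOS"), ("iPhone", "iOS"), ("iPod", "iOS"), ("Apple-", "iOS"),
    ("Android", "Android"),
    ("WP", "Windows Phone"), ("MSFT-WP", "Windows Phone"), ("WindowsPhone", "Windows Phone"),
    ("Nokia", "Symbian"), ("MailforExchange", "Symbian"),
    ("BlackBerry", "BlackBerry"),
]


def classify(device_type, ua):
    """Platform from the DeviceType parameter first, then the User-Agent."""
    for field in (device_type, ua):
        for prefix, platform in PLATFORM_HINTS:
            if field.startswith(prefix):
                return platform
    return "unknown"


def parse_eas(line):
    """Return (ip, user, device_id, platform) for an ActiveSync request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["path"])
    if url.path != "/Microsoft-Server-ActiveSync":
        return None            # OWA, autodiscover, etc. are not device syncs
    q = parse_qs(url.query)
    user = q.get("User", ["?"])[0]
    device_id = q.get("DeviceId", ["?"])[0]
    device_type = q.get("DeviceType", [""])[0]
    return m["ip"], user, device_id, classify(device_type, m["ua"])


def inventory(lines):
    """platform -> device_id -> {"user": ..., "ips": set(...)}, one entry per device."""
    inv = defaultdict(dict)
    for line in lines:
        rec = parse_eas(line)
        if rec is None:
            continue
        ip, user, device_id, platform = rec
        entry = inv[platform].setdefault(device_id, {"user": user, "ips": set()})
        entry["ips"].add(ip)
    return dict(inv)


def devices_per_user(inv):
    """How many distinct devices each mailbox is syncing to."""
    counts = defaultdict(int)
    for devices in inv.values():
        for dev in devices.values():
            counts[dev["user"]] += 1
    return dict(counts)


def summary(inv):
    out = []
    for platform, devices in sorted(inv.items()):
        out.append(f"{platform}: {len(devices)} device(s)")
        for device_id, dev in sorted(devices.items()):
            out.append(f"  {device_id}  user={dev['user']}  from={','.join(sorted(dev['ips']))}")
    return "\n".join(out)


if __name__ == "__main__":
    inv = inventory(SAMPLE_LOG.splitlines())
    print(summary(inv))
    print("devices per user:", devices_per_user(inv))
```

Against a real log, `inventory(open(path))` does the same; the device-to-mailbox mapping it produces is the list an MDM enrolment (the “pay to play” that was missing) has to reconcile against, and a user with several devices in the output is the BYOD case the deck describes.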
19. “Solutions”
MDM solution put in place as pilot; tied into the mobile app pilot
project
Able to offer applications to users based on their role in the
organisation
Able to enforce controls on the app version
Solved some issues; revealed more
20. New problems
Most MDM solutions are designed after the pattern of
configuration management systems
Works to a point
After much discussion with Privacy/Security, their chief
requirement was isolated:
How can we manage the data?
21. New problems
Realistically speaking, managing the data on traditional endpoints
doesn’t really happen
Many solutions exist to work around this issue
Not many of these solutions lend themselves to a decent/usable
mobile device experience
There is a need to manage how the applications deployed to
mobile devices handle their data
22. New problems
Some device management solutions do this to a degree
Coarse-grained solutions
Finer control is not generally available
Hard to audit and attest
This is not necessarily the role of MDM
This should probably be built in behaviour of apps
• Especially home grown apps