Medical University of South Carolina Office of the CIO – Information Services Endpoint Security Team Mobile Device Management March 8, 2012 Mobility Coming of Age at MUSC Device Proliferation App Explosion Healthcare provider adoption soars $ 2010 2011 2012 “That’s Cool!” “That’s Productive” 1,600 Mobile Devices at MUSC 4,800 Mobile Devices at MUSC 7,300 Mobile Devices at MUSC 690 are iPhone, Android or Windows Mobile 900 are Blackberry 4,100 are iPhone, Android or Windows Mobile 700 are Blackberry 7,000 are iPhone, Android or Windows Mobile 300 are Blackberry “Gotta Have It!” How do we manage all these devices? How do we protect our data and network? How can we transform healthcare? Mobile Device Management Office of the CIO – Information Services Endpoint Security Team o What Mobile Device Management can do for MUSC Force devices to always use a password lock Force devices to automatically lock after a defined period of inactivity to facilitate native encryption Forcefully lock and/or unlock a device Locate a device and display its location on a map Force the display of a predefined alert message on the screen such as “If found please call…” Provide real time usage information and statistics Assist communications in provisioning new devices by pushing common settings such as Exchange, WLAN and VPN Mobile Device Management Office of the CIO – Information Services Endpoint Security Team Zenprise and MobileIron rank first and third, respectively, in the latest Gartner MDM product ratings. *Mobile Active Defense was not evaluated due to its lack of support for Blackberry and its high cost. Mobile Device Management Office of the CIO – Information Services Endpoint Security Team Functionality Zenprise Passcode lock requirement Yes Yes Ability to push exchange email credentials to mobile devices. Ability to push MUSC Secure wireless settings to mobile devices Ability to push MUSC VPN settings to mobile devices Android requires 3rd party email app Yes Yes Self Service Portal Yes Ability to locate a device Yes Ability to lock, unlock, wipe, selective wipe devices Yes Encryption Email, contacts, calendar Android: Requires 3rd party app at $11 per device. Mobile Device Management Office of the CIO – Information Services Endpoint Security Team What Mobile Device Management cannot do for MUSC Enforce full device encryption: On iPhone/iPad devices, email/contacts/calendar are encrypted when the device is locked, but each application developer has to specifically add code in order for the application data to be encrypted On Android devices email/contacts/calendar are encrypted when the device is locked but only if a third party product (Touchdown) is installed. Touchdown costs $11 per device. Deploy Exchange settings to Android without Touchdown Remove applications which were installed by the end user Forcefully prevent (blacklist) applications from being installed. MDM can alert administrators when an undesired application has been installed Mobile Device Management Office of the CIO – Information Services Endpoint Security Team How to Enroll: iOS Method 1: From App Store Method 2: From Link 1. Users go to mobile.musc.org/step1. They click a link to download the Zenprise app. 2. Users go to mobile.musc.org/step2. They click a link that launches the app and pre-populates the server URL. 3. User enters their username and password. Mobile Device Management Office of the CIO – Information Services Endpoint Security Team How to Enroll: iOS Method 1: From App Store Method 2: From Link 1. Users go to mobile.musc.org/step1. They click a link to download the Zenprise app. 2. Users go to mobile.musc.org/step2. They click a link that launches the app and pre-populates the server URL. 3. User enters their username and password. Mobile Device Management Office of the CIO – Information Services Endpoint Security Team Plan of Action Phase 1: 250 Device Pilot This will include all of OCIO. We will be beginning rollout of this pilot within a few days. This will also include a group of physicians hand picked by Dr. Bob Warren. Phase 2: Number to be determined We will be asking for volunteers from the IT community to test Zenprise MDM. Phase 3: We will be requiring anyone who connects to exchange to install Zenprise MDM.