TACHL Retreat--MUSC's Endpoint Security Team

Medical University of South Carolina
Office of the CIO – Information Services
Endpoint Security Team
Mobile Device Management
March 8, 2012
Mobility Coming of Age at MUSC
Device Proliferation
App Explosion
Healthcare provider adoption soars
2010, 2011, 2012
“That’s Cool!” “That’s Productive” “Gotta Have It!”
1,600 Mobile Devices at MUSC: 690 are iPhone, Android or Windows Mobile; 900 are Blackberry
4,800 Mobile Devices at MUSC: 4,100 are iPhone, Android or Windows Mobile; 700 are Blackberry
7,300 Mobile Devices at MUSC: 7,000 are iPhone, Android or Windows Mobile; 300 are Blackberry
How do we manage all these devices?
How do we protect our data and network?
How can we transform healthcare?
What Mobile Device Management can do for MUSC
Force devices to always use a password lock
Force devices to automatically lock after a defined period of inactivity to facilitate native encryption
Forcefully lock and/or unlock a device
Locate a device and display its location on a map
Force the display of a predefined alert message on the screen such as “If found please call…”
Provide real time usage information and statistics
Assist communications in provisioning new devices by pushing common settings such as Exchange, WLAN and VPN
Zenprise and MobileIron rank first and third, respectively, in the latest Gartner MDM product ratings.
*Mobile Active Defense was not evaluated due to its lack of support for Blackberry and its high cost.
Functionality
Zenprise
Passcode lock requirement
Yes
Yes
Ability to push Exchange email credentials to mobile devices
Ability to push MUSC Secure wireless settings to mobile devices
Ability to push MUSC VPN settings to mobile devices
Android requires 3rd party email app
Yes
Yes
Self Service Portal
Yes
Ability to locate a device
Yes
Ability to lock, unlock, wipe, selective wipe devices
Yes
Encryption
Email, contacts, calendar
Android: Requires 3rd party app at $11 per device.
What Mobile Device Management cannot do for MUSC
Enforce full device encryption:
  On iPhone/iPad devices, email/contacts/calendar are encrypted when the device is locked, but each application developer has to specifically add code in order for the application data to be encrypted.
  On Android devices, email/contacts/calendar are encrypted when the device is locked, but only if a third party product (Touchdown) is installed. Touchdown costs $11 per device.
Deploy Exchange settings to Android without Touchdown
Remove applications which were installed by the end user
Forcefully prevent (blacklist) applications from being installed. MDM can alert administrators when an undesired application has been installed.
How to Enroll: iOS
Method 1: From App Store
Method 2: From Link
1. Users go to mobile.musc.org/step1. They click a link to download the Zenprise app.
2. Users go to mobile.musc.org/step2. They click a link that launches the app and pre-populates the server URL.
3. Users enter their username and password.
Plan of Action
• Phase 1: 250 Device Pilot
  • This will include all of OCIO. We will begin rolling out this pilot within a few days.
  • This will also include a group of physicians hand-picked by Dr. Bob Warren.
• Phase 2: Number to be determined
  • We will be asking for volunteers from the IT community to test Zenprise MDM.
• Phase 3: We will be requiring anyone who connects to Exchange to install Zenprise MDM.