One-quarter of the respondents said that their organization allows its workforce to work “in whatever way is effective for them”, according to the survey of over 100 IT professionals. The same percentage said that their organization is moving from a device-centric strategy to a user-centric strategy that focuses on securing sensitive transactions.
About 20% said that their organization uses a hybrid approach with more secure devices getting more access to corporate networks and less secure devices getting less access. And 6% were totally honest and said that the BYOD issue gives them a headache and they wished it would go away.
The poll also found that iPhones and iPads, as well as BlackBerries, were the most popular devices for accessing corporate email. Android was third, followed by Windows devices, and Nokia’s Symbian.
A founding member of Wisegate, Robert Rhodes, chief information officer at Houston Healthcare, explained how his organization has tackled mobile device security when it comes to physicians.
Houston Healthcare is using a Citrix server that creates a secure tunnel through which physicians can use mobile devices to access patient data without posing a security risk to that data, Rhodes told Infosecurity. Most of the physicians are in private practice and have their own mobile devices.
On Nov. 1, Houston Healthcare launched a new hospital electronic medical records (EMR) system, so physicians needed to be able access this information using personal handheld devices, he explained.
“Many of the physicians wanted to use iPads, iPhones, or other smartphones to bring up an electronic rounds list, look up lab results, things of that nature. We have allowed that through the use of a segmented, physicians only network that is separate from our internal network….They now access our systems via Citrix”, Rhodes explained.
“So the physicians walk into the hospital and their iPads pick up our physicians network. They are authenticated, they fire up a Citrix session, and log into our Meditech system. They get their rounds list and they round with their patient, they look up labs, do the things they need to do, and then go back to their office using the same device and not have to go to a hospital computer terminal to do something”, he related.
Rhodes said that this improves security of the mobile devices because the physicians are accessing a secure tunnel through Citrix. He stressed that the physicians cannot download any information from Citrix onto their devices so this prevents data breaches from lost devices.