At the Infosecurity Magazine Conference in Boston 06-07 December 2016, Ken Patterson, CISO at Harvard Pilgrim Healthcare discussed how to balance BYOD risk and reward.
In a heavily regulated industry, the cost of non-compliance and security incident is high, and Patterson is charged with protecting over 1.3 million members’ records, worth an average cost of $398 per record.
Patterson gave a five-year run-down of how his mobile device program has evolved from a “Blackbery-only” company-owned environment, to the 100% BYOD environment that it is today.
“I remember when one of the company director’s complained to me about our password policy because he couldn’t type it into his phone when he was driving,” recalled Patterson with his head in his hands. “Then, there was the Christmas that the C-level execs all got shiny new devices at Christmas and wanted to use them for business, but without surrendering their sole right to their personal stuff.”
He presented Harvard Pilgrim Healthcare’s five-year roadmap as follows:
- 5 years ago – 100% Blackberry devices
- Favorable discounts on hardware and data
- Harvard Pilgrim assets
- Nice and secure and controllable
- 4 years ago – Pressure to allow access for iDevices
- Full assessment of vendors MDM capabilities
- 6 finalists – POCs narrowed to one MDM vendor
- Hold the press – Executive stakeholders said NO. “Hands off my personal stuff”
- Containerization – Good for Enterprise (GFE)
- Based on business requirements
- 2 to 3 Years ago – Mix of Good and Blackberry
- GFE for iDevices, then Android, then Windows Phone
- Testing new Blackberry smartphones
- Using different versions and flavors of BES
- Clunky vs. clunky
- Good Work replacing GFE (Good…well better)
- Stake in the ground – say goodbye to Blackberry
- 1 year ago – Blackberry acquires Good
- Still supporting Blackberry
- Discussions began about going all BYOD
- 2016
- GoodWork integrated into BES
- Finance/Procurement takes over BYOD
- All Blackberry devices turned in and decommissioned
- Sr. VPs assigned job codes for approval to receive monthly $$
- Mass provisioning is labor intensive
- Device MACs added to internal wireless network
- GoodWork activation can be problematic
- Issues with browser
- Does the basics – email, calendar, contacts, docs
- Security is OK
- Total Blackberry annual cost:
- 425 Devices + Reimbursements = $475,543
- Total Good annual licensing cost:
- 500 Devices + Reimbursements = $191,928
- Annual savings = $283,615
- Additional first year costs
- 300 extra Good licenses = $7,170
- Transition cost = $30,842
- 2017: Planned automation of BYOD provisioning