Hide Caption
More and more doctors, nurses and other medical staff in hospitals are striving to bring their personal smartphones and tablet computers to use in their workplaces.
Credit: Flickr by j.reed
Show Caption
Five years ago, many of Hadassah University Hospital's 7,000 employees started asking if they could start using their personal laptop computers in their jobs. Initially, the answer was a firm "no" due to security concerns involving the institution's network and sensitive patient information.
But the pressure from many doctors and other workers continued, until finally in mid-2009 Hadassah brought in a potent network security application that allows deep protection of the hospital's network while giving employees some freedom and flexibility to use their laptops.
Of course, the Bring Your Own Device discussion didn't end there. Shortly after the laptops were permitted, hundreds of doctors and employees began bringing in other personal devices, including smartphones and tablet computers, and asking if they could use them for work as well.
Why JC Penney Employees Call Their iPod Touches "Libby"
CITE Goes Live! Register for the CITE Conference & Expo, June 2-4, in San Francisco.
At first, the hospital network completely blocked network access to the additional devices. But soon the tide turned and the IT staff started looking at ways to use their recently acquired network security system to allow more personal devices to be used without putting the network and data in jeopardy.
"It was chaos," said Barak Shrefler, the Chief Information Security Officer (CISO) for the Jerusalem, Israel-based hospital system. "When hundreds of people bring them in you start to ask whether maybe you can find a way to do it without risking your security and information."
So why the change of heart? Because despite the fact that more personal devices inside the network certainly would complicate data security, there was no arguing with how much more productive and efficient doctors, nurses, and administrative staff members could be if they could get needed information on their personal devices, wherever they were located.
But getting there wasn't easy. It took a lot of discussions about security and policies with hospital executives and employees before it finally came to pass.
"We talked to management five years ago about 'how do we manage all of this?'" said Shrefler. "At first they asked a lot of questions, about what are the risks and why. We did presentations about how different organizations were planning to attack this situation."
After about 18 months, the IT team received the OK to deploy a network access control system.
The IT team reviewed products from three vendors – ForeScout, Juniper Networks and a local vendor in Israel – before selecting ForeScout's CounterACT appliances, which allows agentless control of devices down to their individual features, such as turning off built-in cameras and screen captures. Today, the application not only watches over tablets, smartphones, PCs and laptops but also a wide range of other devices, including imaging machines, blood pressure systems and CT scanners.
Using CounterACT, Hadassah's IT staff can see and control every device on the network, according to Shrefler. What's more, each device is identified with a unique "fingerprint" that permits the assignment of specific use policies for each device and user, giving the hospital system the control it was seeking.
"Even if you brought your own devices in, it didn't mean that you can do everything with them," said Shrefler. "We changed permissions on the devices, which some workers objected to initially."
