- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
CIO - When CIOs worry about the Bring Your Own Device (BYOD) trend, one of the things that most concerns them is their lack of control over mobile apps. Rogue apps packing malware are a major concern, but many malware-free apps pose risks too.
Even in curated marketplaces, mobile apps can be ridiculously intrusive. Earlier this year, Apple, Facebook, Yelp and several other firms were sued for privacy-infringing apps that, among other things, pillaged users' address books.
At the time, many security experts warned that this was the tip of the iceberg, and a recent study by Appthority, a provider of mobile security solutions, found that free apps are particularly risky because it was discovered they have the ability to access sensitive info.
That's bad enough, but what if the app uploads a sales representatives' contact list and the developer then sells it to a competitor? That's a new type of data leakage that most organizations aren't ready for.
We Won't Let Workers Anywhere Near the AppStore
Despite the risks, Illinois-based Riverside Medical Center believed they had no choice when it came to BYOD. Trying to simply prohibit end-user devices would be counterproductive. "For a hospital like ours, BYOD is a marketing issue as much as it is a security one," said Erik J. Devine, Riverside MC's CISO. "If doctors can't use their tablets or smartphones at this hospital, they'll start checking their patients into other ones."
In order to take part in the BYOD program, end users must agree that Riverside MC has the right to remotely wipe the device if any problems arise. That could mean wiping a user's photos or personal emails, but that's the risk users must take if the enterprise is going to cope with BYOD risks.
For corporate-owned devices, of course, risks are easier to manage. "If we decide to purchase an iPad for someone, when it's a pure work tool, you can't even get to the AppStore," Devine said. Good luck telling that to someone shelling out $150/month on an expensive data plan.
For regulated industries like healthcare, though, banning application markets is common. Startup Happtique sees this as an opportunity and provides a mobile application store specifically for healthcare professionals. "A major challenge for clinicians and their IT departments is knowing what apps you can trust and which ones you can't," said Ben Chodor, CEO of Happtique.
Happtique was created after the Greater New York Hospital Association (GNYHA) started looking at mHealth. "We saw few, if any entities in the [mobile application] market with healthcare experience -- a company that truly understands the challenges faced by hospital providers, from HIPAA to health reform to emergency preparedness," Chodor said.
Once GNYHA saw this void, it decided to start its own mobile health solution, which later became Happtique. The startup is in the process of building a solution that helps hospitals and doctors find validated apps and create their own custom catalogs. It uses Appthority's application risk management solution to mitigate mobile app risks, and once it launches it will certify apps, evaluating them to make sure they do what they promise to do.