Bring-your-own-device or BYOD policies are becoming not just an option, but in many cases necessary because of remote and work-from-home scenarios. BYOD is an increasing priority for IT admins to give employees secure access to the resources they need to do their jobs.
The use of zero-trust architecture is one way to create network security even with a BYOD policy, but there are other things to keep in mind as well. The following are things to know about BYOD policies in general and the cybersecurity implications.
BYOD policies
Under a BYOD IT policy, employees aren’t just permitted but are sometimes encouraged to bring their own devices to access systems and data. Devices can include laptops, smartphones, and tablets.
There are some general options as far as provisioning of access levels when employees use their own devices.
You can offer unlimited access for their personal devices. You can instead allow only access to non-sensitive data and systems on their devices. Another option is to provide access, but with IT control over devices and the fourth option is access, but with the prevention of local data storage on these devices.
There are significant benefits to a BYOD policy for many employers because it can promote productivity and managed risk. Many employees also prefer it. Employees can choose what devices they’re most comfortable using. Due to that comfort, employees are more likely to be productive because they already know how to use them. This might help with buy-in on new technology too.
BYOD policies can cut the costs for your business and alleviate pressure on the IT budget. While there are upsides, there are some potential risks.
By Jamison Utter, director of product evangelism, Medigate.
Jamison Utter
Last year (2020) was a year of chaos, and one that demonstrated why robust cybersecurity is an essential priority for all healthcare organizations. From COVID-19 disruptions to rapidly increasing networks of managed and unmanaged devices, it’s never been more important to secure the critical infrastructure that forms the basis of clinical care.
This is easier said than done- after all, the growing reliance on digital platforms has opened opportunities for increased attacks and raised questions about data collection and privacy. Threats like Ryuk and other high-profile breaches made a notable impact on the industry’s understanding of cybersecurity, not only for their monetary implications, but the significant operational disruptions that these incidents caused. On a national level, we’re seeing care networks expanding alongside access to telehealth services and the implementation of remote patient monitoring tools– with significant amounts of PHI being broadcast and analyzed each day.
When looking at these trends, there are two immediate realizations that all healthcare leaders should understand: 1) the rate of attacks is only going to increase as healthcare operations become smarter and more connected and 2) we need a better solution that works alongside clinical practitioners, biomed departments and organizational leaders even as it protects them from malicious attackers. For many of these concerns, the answer is Zero Trust, or more specifically, Clinical Zero Trust (CZT), that is uniquely attuned to the needs of the healthcare industry.
What Is Clinical Zero Trust?
Zero Trust represents the concept of “trust nothing, verify everything” in terms of cybersecurity. It has since grown to represent a networking approach that centers the design and application of IT networks around the identity and access rights of users and their data. Clinical Zero Trust applies this same idea but to the cyber and physical environment of healthcare organizations.
Think of CZT as a strategy and not a technology; it is an end goal rather than a feature or ability. Cyber protections like firewalls and end-point security solutions make up some of the offerings that help create a CZT environment. A typical healthcare organization has a security system that prioritizes protecting devices and data– CZT shifts the focus to protect physical workflows, which are made up of the people and processes involved in delivering care.
This means the protected surface extends to the physical world, including everything associated with administering a procedure or delivering care. At first glance, it seems like an impossible task to protect physical things with cyber technologies, but in reality, when you look at the clinical setting holistically it makes it easier to identify interdependencies and develop strategies that will effectively protect the physical, business and digital processes to drive optimal patient outcomes.
