VA Seeks Help With Mobile Security
Will Ramp Up Mobile Device Management in the CloudFollowing a pilot of Apple iPhones and iPads, the VA began rolling out the devices Oct. 1, with about 500 in operation as of this week.
Roger Baker, the VA's CIO, revealed at his monthly press conference call Oct. 26 that an iPad was stolen from a Washington office last month before it was deployed. There was no data on the device.
The VA already has a pilot version of a mobile device management system that it can use to, for example, remotely wipe data from a device that's stolen and monitor whether only approved applications are running on a particular device. Now, it's requesting information from vendors this week on deploying a more robust, enterprisewide mobile device management system, based on the cloud computing model, which could monitor up to 100,000 devices running multiple operating systems.
Mobile Strategy Described
In a recent interview with HealthcareInfoSecurity, Baker revealed that the VA will support a rollout of government-owned as well as personally owned mobile devices over the next 18 months (see: VA's Plan for Mobile Device Security.). "We really see a substantial clinical use for the newer mobile devices," he said. "And I would expect to see, in the long run, a phase out of desktop computers and a phase in of mobile devices." This shift, he said, could result in substantial cost savings.
Although the iPad and iPhone operating system doesn't offer disk-level encryption that meets the government's FIPS 140-2 standard, "we enforce encryption at the application level," Baker reiterated at the press conference. The VA requires all applications running on the mobile devices to be encrypted using the standard.