Four ways VUMC is meeting the challenge of personal devices
Managing multiple security threats is challenging for any IT department. Vanderbilt University Medical Center is a prime target for cyber-attacks because of the abundant data it stores.
Members of the VUMC community require the ability to share files and collaborate across platforms from their personal mobile devices. Securing the Medical Center’s network, resources and data while empowering users to do their work on any device requires a balanced approach.
How is VUMC strengthening the security around its data and IT systems while allowing users to access their personal devices?
Here are four ways the Medical Center is strengthening IT security.
The creation of VUMC Enterprise Cybersecurity
Cybersecurity is in the headlines on a daily basis. Addressing existing and emerging threats to systems and the safety of patient data requires a unified and concentrated approach. That is why, with the support of Medical Center leadership, VUMC Enterprise Cybersecurity was created.
“We didn’t want the Medical Center to be another statistic, or at the forefront of the latest cybersecurity nightmare,” said Andrew Hutchinson, executive director of Enterprise Cybersecurity.
“Creating an Enterprise Cybersecurity department with the specific goal of mitigating our highest risk factors is a start. Putting policies and audit procedures into place allows us to perform due-diligence, and enables us to align our policies and processes with federal and state laws while creating a culture of awareness and safety. It will take some time, but stopping potential attacks outside our perimeter and educating our employees about how to avoid attacks within our perimeter are both a priority.”
The creation of policies regarding the use of personal devices at work
So, what are these policies and why are they being put into place?
There are multiple federal and state regulations already in place, with more coming, addressing personal health information, security and the use of personal and mobile devices. VUMC has created policies addressing compliance with these regulations to protect the Medical Center, its data, and our employees. The policy on Use of Mobile Devices to Conduct VUMC Business requires the Medical Center to implement improved security measures related to the use of your personal device for Medical Center business.
See other VUMC policies in effect surrounding Cybersecurity.
Implementing additional security measures to incorporate personal devices
Supporting an environment of innovation and providing access to VUMC resources from personal devices requires additional security measures.
“We need to ensure that our employees’ personal devices can be used to conduct VUMC business safely while our people are on the move. One way to do that is with the implementation of Mobile Device Management (MDM). This platform paves the way for the safe use of VUMC resources on our employees’ personal devices,” said Hutchinson. “This technology allows users to change the way they work for the better. It will eventually give our employees a secure one-stop-shop for all of their VUMC mobile applications and other work resources.”
Specific ways VUMC is securing the Medical Center Infrastructure
The VEC Cybersafe Communications Initiative is one example of VUMC’s efforts to protect our systems and data while maintaining employee access and productivity. This initiative is focused on providing platforms - some of which are already in use, or are coming soon - to create a more secure IT environment for employees to work within.
The Cybersafe Communications Initiative systems include Accellion, Microsoft Advanced Threat Protection, Mobile Device Management, Multi-Factor Authentication, the Virtual Private Network (VPN), and others.
See the flyer on Cybersafe Communications and print it out to display in your department.
Mobile Device Management (MDM) is now available for download on your device. The goal is to have MDM enabled on all personal devices used to access VUMC resources by the end of 2018. We also understand you may have questions surrounding MDM, especially when it comes to privacy. Read our next blog, “Four ways VUMC is balancing mobile privacy and enterprise risk.”