Mobile Devices Provide Security

Oncology Live®, September 2007, Volume 8, Issue 9

As healthcare organizations strive to comply with privacy and data requirements, they are increasingly looking to identify and implement remote access control solutions. These are necessary...

As healthcare organizations strive to comply with privacy and data requirements, they are increasingly looking to identify and implement remote access control solutions. These are necessary components of the security infrastructure in order to protect sensitive network resources. In addition, opening a secure network to remote users exposes it to threats such as ID theft, malicious attack, and data compromise. IT administrators are challenged with the complex task of providing greater access to resources, to more constituents than ever, and from more remote locations.

Unfortunately, many organizations are still relying on password security for users logging in to the network, despite the fact that passwords have long been proven to be a highly vulnerable mechanism for authenticating user identity. Two-factor authentication presents a strong—and proven—solution, however, and many healthcare organizations are using it today. This solution employs small, handheld “tokens” that generate a one-time secure passcode. The passcode, when combined with a user’s secret PIN, provides two types (“factors”) of authentication and a highly secure method of proving user identity when logging on to a secure network through a VPN or other remote access gateway. Doctors, nurses, and other healthcare administrators, for example, can use their tokens when accessing network data from a remote location, such as their home office. Tokens can also be used to provide an additional layer of security at a hospital

workstation or remote healthcare office.

But a hardware token is only one form of this solution. Mobile devices, such as BlackBerries, PDAs, and other phone types, are fast becoming indispensable tools for workforce productivity. They keep users in touch and are rarely left behind.

So now, a new product is available that allows healthcare professionals to use their mobile phones to generate their secure, one-time passcodes—just like a token. It works by using a small software program that is easily downloaded onto users’ mobile devices. And it works with any BlackBerry, Palm, J2ME- or Windows Mobile-enabled mobile phones. Users activate the application with a single touch of a button, and their one-time passcodes are generated right on the device’s screen—just like pushing the button on a hardware token. The user then enters that passcode into their computer, along with their personal PIN, to log in to the organization’s secure network. This process provides proof-positive assurance of the user’s identity prior to being authorized access to sensitive patient records and other network resources, applications, and data.

Mobile authentication solutions can reduce costs, such as those associated with deploying remote access and user authentication systems, and provide a very low total cost of ownership. Plus, once the software-based authenticator is

deployed, it will not expire and never needs to be replaced. Further, because it is compatible with users’ mobile devices, it provides a new level of convenience and usability.

Now, hospital administrators, doctors, nurses, and other healthcare professionals can rely on a complete mobile authentication solution. As the industry takes advantage of new remote access technologies, such as SSL VPN networks, as well as the benefits of mobile phones to improve worker productivity, such mobile authentication offerings will have found a good home. Secure Computing Corporation, headquartered in San Jose, CA, is the leading provider of comprehensive, integrated best-of-breed gateway security appliances.

Stuart Rauch, Director of Product Marketing, Secure Computing Corp., can be reached at Stuart_Rauch@securecomputing.com.