
Friday, May 18, 2012

Don’t let BYOD become BMNP (Bring Me New Problems)

The Bring Your Own Device (BYOD) trend presents enterprises with a number of significant challenges to go along with the potential benefits. Certainly there are positives associated with letting employees use their own computing devices to access enterprise resources, especially mobile technologies such as tablets and smart phones, including reduced costs and enhanced productivity.

There are also some rather serious complications, though, including security, manageability, and control. For the medical industry there are additional compliance issues to be aware of, and enterprises must ensure that regulatory standards continue to be met. The medical community also has to contend with unique elements including compliance with insurance practices and acceptable levels of legal risk.

A successful BYOD implementation strategy will have to include a rigidly enforced acceptable use policy. Within regulated industries, including medical, I believe that in order to enforce a solid acceptable use policy, enterprises must maintain complete management control of the device, enterprise data, and enterprise connectivity.

Enforcing enterprise standards on mobile devices generally begins using Mobile Device Management (MDM) and Mobile Application Management (MAM) systems. MDM/MAM systems enable the enterprise administrators to remotely configure and provision devices, install applications, troubleshoot, administer, and secure the device, and if required remotely wipe the device in accordance with established policies.

Additionally, MAM platforms enable the enterprise to implement version control, patch enforcement, and administrative access to the applications that are installed on the remote device. MDM and MAM are essential if mobile devices are going to be allowed to access and utilize enterprise systems and are an essential tool in enforcing acceptable use policies.

Because of the level of control needed to effectively implement an access control policy that satisfies the legal, regulatory, and best practices requirements of the medical community it may prove difficult to broadly implement BYOD with existing user devices. For this reason some organizations are adopting a hybrid model where the enterprise develops a list of acceptable devices and then offers them to employees at a discounted price in conjunction with the acceptable use policy.

One of the biggest, and most publicly known, challenges of BYOD is ensuring the security of data on the device and when transmitting to and from the enterprise. Effectively securing enterprise data includes encrypting data both at rest and in motion. Securing data at rest includes encrypting the data on the local storage medium so that if an unauthorized user attempts to read it there will be nothing usable. For mobile devices it is best to encrypt the entire device. Data at rest security must also incorporate user access controls including effective passwords and enforced logins to the device including screen timeouts and logouts for inactivity.

Securing data in motion includes the use of VPN connections to the enterprise and the use of access controls to ensure that only authorized users and applications are able to connect. Although most mobile devices support establishing VPNs, there are enterprise specific capabilities available that provide enhanced management and control of the connection and access. By enforcing secure connections and access control in conjunction with encrypting the data on the device, a strong level of overall data assurance can be provided.

BYOD can be a useful and effective element in an enterprise’s overall plan, though there are a number of precautions that should be taken to ensure successful implementation. Sound policies, effective enforcement, and good communication between enterprise administrators and end users will go a long way towards getting the most out of any BYOD effort.

MVO Optimization Daisy Chains

The concept of Daisy Chains as it relates to Circadence MVO technology involves the ability to connect to multiple destination networks from a single client and optimize the delivery of content from each of the connected networks individually.  The Daisy Chain allows the client to utilize the Circadence MVO optimized path between multiple MVO appliances across networks (or across subnets within a single network) until it reaches the nearest point of access.  This serves a dual purpose by extending the WAN optimization data path  as well as the Circadence Link Resilience capability as far as possible (or as far as is necessary).

One way to envision this concept is to have an organization with end users connecting to applications and retrieving content located at more than one location across the enterprise. Typically this could include content located in a branch office as well as a headquarters location and perhaps a datacenter. In a typical WAN Optimization deployment the end user or client side implementation would have to have individual tunnels established from the end point to each head-end location separately. With Daisy Chaining enabled in MVO there is a single head-end configured in the end user client or client-side endpoint; only the first link in the chain needs to be configured.

To illustrate the concept, assume a user is connecting via laptop to their enterprise while on the road. The user has applications which connect to servers located within the enterprise and is requesting content that is located at multiple locations within the enterprise extranet. The user’s device has the MVO client installed and configured to connect to the MVO head-end installation located at their home office, which is a branch of the larger corporation. Further assume that the applications and content required are located at: the user’s branch office, at the company headquarters, at a company datacenter, and at a cloud hosted location. The configuration and workflow would be the following:


We can make the following assumptions about the network connection:
  1. The end user “A” is connecting to the public internet “B” via WiFi, Cellular Data, or wired Ethernet.
  2. The end user “A” has/has not established a VPN connection to the Branch Office “C”.
  3. The Branch Office “C” is connected by an IP network connection to Corp Headquarters “D”.
  4. The Corp Headquarters “D” is connected by an IP network connection to a Corp Datacenter “W”. 
  5. The Corp Datacenter is connected by an IP network connection to a private or public Cloud Service “E”.

The MVO client application installed on “A” is configured as a MVO Remote with a peer connection to the MVO Hub located at “C”. The Hub at “C” has a MVO Managed Traffic Definition “MTD” configured for applications and content located on network “C” (c.c.c.c). If “A” requests content located on the c.c.c.c network the MVO Remote client will divert the original IP request to the MVO process, which will then encode the original IP packets into the enhanced TMP and send the request via the TMP protocol to the MVO Hub located at “C”. The Hub at “C” will process the request from “A” and return the appropriate c.c.c.c content via the TMP connection from the MVO Hub process at “C” to the MVO Remote process at “A”. The MVO Remote process at “A” will then decode the TMP packets into the original IP and forward to the original requesting local client process.

The MVO instance located at “C” is configured as both a MVO Hub and a MVO Remote. The MVO Remote process is configured to connect to the MVO peer located at “D”. The Hub at “D” has a MVO Managed Traffic Definition “MTD” configured for applications and content located on network “D” (d.d.d.d). If “C” requests content located on the d.d.d.d network the MVO Remote process will divert the original IP request to the MVO process, which will then encode the original IP packets into the enhanced TMP and send the request via the TMP protocol to the MVO Hub located at “D”. The Hub at “D” will process the request from “C” and return the appropriate d.d.d.d content via the TMP connection from the MVO Hub process at “D” to the MVO Remote process at “C”. The MVO Remote process at “C” will then decode the TMP packets into the original IP and forward to the original requesting local client process.

Additionally, the MVO instance at “C” has been configured to support Daisy Chains. The Daisy Chain configuration allows the MVO Hub instance to internally forward IP packets destined for a network which has MTD rules applied at the same MVO instance’s Remote process from a distant MVO Hub. With Daisy Chains enabled, if “A” requests content located on the d.d.d.d network the MVO Remote client will divert the original IP request to the MVO process, which will then encode the original IP packets into the enhanced TMP and send the request via the TMP protocol to the MVO Hub located at “C”. The Hub at “C” will process the d.d.d.d request from “A” and forward the request for content from d.d.d.d to the MVO Remote process at “C”. The MVO Remote process at “C” will send the request via the TMP protocol to the MVO Hub located at “D”. The Hub at “D” will process the request from “A” and return the appropriate d.d.d.d content via the TMP connection from the MVO Hub process at “D” to the MVO Remote process at “C”.

The Daisy Chain enabled MVO instance at “C” will then internally forward the d.d.d.d content from the “C” Remote process to the “C” Hub process for transport to “A”. The MVO Remote process at “A” will then decode the TMP packets into the original IP and forward to the original requesting local client process at “A”.

The MVO instance located at “D” is also configured as both a MVO Hub and a MVO Remote. The MVO Remote process is configured to connect to the MVO peer located at “W”. The Hub at “W” has MVO Managed Traffic Definition “MTD” configured for applications and content located on network “W” (w.w.w.w) and Cloud Service “E” (e.e.e.e). If “D” requests content located on the w.w.w.w or e.e.e.e network the MVO Remote process will divert the original IP request to the MVO process, which will then encode the original IP packets into the enhanced TMP and send the request via the TMP protocol to the MVO Hub located at “W”. (The process for content from either w.w.w.w or e.e.e.e is fundamentally similar so only w.w.w.w will be detailed.) The Hub at “W” will process the request from “D” and return the appropriate w.w.w.w content via the TMP connection from the MVO Hub process at “W” to the MVO Remote process at “D”. The MVO Remote process at “D” will then decode the TMP packets into the original IP and forward to the original requesting local client process.

Additionally, the MVO instance at “D” and at “W” have been configured to support Daisy Chains. The Daisy Chain configuration allows the MVO Hub instance to internally forward IP packets destined for a network which has MTD rules applied at the same MVO instance’s Remote process from a distant MVO Hub. With Daisy Chains enabled, if “A” requests content located on the w.w.w.w network the MVO Remote client will divert the original IP request to the MVO process, which will then encode the original IP packets into the enhanced TMP and send the request via the TMP protocol to the MVO Hub located at “C”. The Hub at “C” will process the w.w.w.w request from “A” and forward the request for content from w.w.w.w to the MVO Remote process at “C”. The MVO Remote process at “C” will send the request via the TMP protocol to the MVO Hub located at “D”.

The Hub at “D” will process the w.w.w.w request from “A” through “C” and forward the request for content from w.w.w.w to the MVO Remote process at “D”. The MVO Remote process at “D” will send the request via the TMP protocol to the MVO Hub located at “W”. The Hub at “W” will process the forwarded request from “A” and return the appropriate w.w.w.w content via the TMP connection from the MVO Hub process at “W” to the MVO Remote process at “D”. The Daisy Chain enabled MVO instance at “D” will then internally forward the w.w.w.w content from the “D” Remote process to the “D” Hub process for transport to “C”. The Daisy Chain enabled MVO instance at “C” will then internally forward the w.w.w.w content from the “C” Remote process to the “C” Hub process for transport to “A”. The MVO Remote process at “A” will then decode the TMP packets into the original IP and forward to the original requesting local client process at “A”.

Functionally, the Daisy Chain process works as an inherent function of MVO being able to operate with both Frontend (Remote) and Backend (Hub) processes running simultaneously. In a network consisting of a MVO Remote “A”, first MVO Hub “B”, and second MVO Hub “C”: as traffic from a Frontend process at Remote “A” arrives at the Backend process of Hub “B”, if it does NOT meet a MTD rule being diverted by the “B” Hub’s Frontend process, it is exited from the MVO application at that location. If the traffic from the Remote meets the definition of a MTD divert running on the Frontend process at the “B” Hub, it is reprocessed and sent along to the upstream “C” Hub. The configuration is best approached in reverse, from the last link in the chain to the first remote client.
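
The hop-by-hop forwarding decision described above, as an added example (not Circadence code and not MVO configuration syntax): a small Python model that traces where a request exits the chain, lists every network the client's single configured link ends up diverting, and returns the reverse configuration order. The dict layout, function names and CIDRs are assumptions; the CIDRs stand in for the page's c.c.c.c, d.d.d.d, w.w.w.w and e.e.e.e networks.

```python
import ipaddress

# Constructed topology using the page's node labels. "peer" is the Hub that
# the node's Remote (Frontend) process connects to, "mtd" lists the networks
# served by the node's own Hub (Backend) process, and "daisy" says whether
# the Hub may hand traffic to its own Remote process for the next hop.
# The CIDRs are made-up stand-ins; the layout is a hypothetical model.
TOPOLOGY = {
    "A": {"peer": "C", "mtd": [], "daisy": False},
    "C": {"peer": "D", "mtd": ["10.3.0.0/16"], "daisy": True},
    "D": {"peer": "W", "mtd": ["10.4.0.0/16"], "daisy": True},
    "W": {"peer": None, "mtd": ["10.23.0.0/16", "10.5.0.0/16"], "daisy": True},
}


def chain(topo, start):
    """Follow Remote -> Hub peer links from start; reject peer loops."""
    order, node = [], start
    while node is not None:
        if node in order:
            raise ValueError(f"peer loop at {node}: {order}")
        order.append(node)
        node = topo[node]["peer"]
    return order


def diverted(topo, node):
    """Networks the Remote process at node diverts to its peer Hub.

    That is the peer Hub's own MTD networks plus, when the peer has Daisy
    Chains enabled, everything the peer's Remote process diverts upstream.
    """
    chain(topo, node)  # raises ValueError on a misconfigured loop
    peer = topo[node]["peer"]
    if peer is None:
        return []
    nets = [ipaddress.ip_network(n) for n in topo[peer]["mtd"]]
    if topo[peer]["daisy"]:
        nets += diverted(topo, peer)
    return nets


def trace(topo, client, dst):
    """MVO instances a request for dst traverses; the last one is the exit.

    A result containing only the client means the request matched no divert
    rule and left the device outside the optimized path.
    """
    addr = ipaddress.ip_address(dst)
    path, node = [client], client
    while any(addr in net for net in diverted(topo, node)):
        node = topo[node]["peer"]
        path.append(node)
        if not topo[node]["daisy"]:
            break  # this Hub never forwards to its own Remote process
    return path


def config_order(topo, client):
    """Configure from the last link in the chain back to the client."""
    return list(reversed(chain(topo, client)))


if __name__ == "__main__":
    for dst in ("10.3.1.10", "10.4.1.10", "10.23.1.10", "192.0.2.1"):
        print(dst, "->", " > ".join(trace(TOPOLOGY, "A", dst)))
    print("reachable from A:", [str(n) for n in diverted(TOPOLOGY, "A")])
    print("configure in order:", config_order(TOPOLOGY, "A"))
```

Because only the first link is configured on the device, the list returned by `diverted(TOPOLOGY, "A")` is the set to compare against what that client is meant to reach.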

Imaging Economics Interview Q&A


What is it that WAN optimization products do?
WAN Optimization products such as Circadence’s MVO platform substantially increase the performance of applications which use the network. With Circadence MVO, file transfers, including medical images, are much faster and their delivery is ensured. By implementing MVO WAN Optimization, it’s possible to increase transfer speeds by more than 300 percent. For example, using Circadence, one healthcare organization was able to reduce the time required to complete image transfers from almost four minutes down to 13 seconds.

MVO WAN optimization significantly prevents corrupt, incomplete or lost files transferred across the network. Increasing data integrity and reliability improves the quality of healthcare provided by medical imaging institutions and limits the number of resends that are typically required. Implementing optimization maximizes return on investment in bandwidth and decreases or eliminates the need for expensive infrastructure upgrades.

Can you give the bird’s eye view of Circadence MVO for Mobile in a health care setting?
Circadence MVO for Mobile provides full end-to-end optimization between applications and content. In the healthcare setting, this could include hospitals; remote clinics; distributed call centers; remote offices; and individual users on laptops, tablets and smartphones. In healthcare, typical applications that MVO will be utilized for are EMR/EHR and image study transfers such as with PACS, where MVO facilitates fast and effective patient care and increases the provider’s capabilities.

What sets Circadence MVO for Mobile apart from similar solutions?
Circadence MVO is currently the only WAN Optimization solution that supports MS Windows, Android, and Apple iPhone/iPads.  Circadence is the most innovative mobile optimization provider and offers the most deployment options available including cloud, hardware, software, VM, and 3rd party integration with the MVO SDK. Circadence MVO also offers leading performance transferring all types of image studies and enables full optimization without caching or storing content or modifying it in any way.

Highlights:
- OEM integration with 3rd party platforms and applications, such as PACS imaging systems;
- Broadest deployment capabilities, reducing infrastructure costs and accelerating ROI;
- Full support for all mobile platforms including Windows, Android, and Apple iOS;
- Optimizes all data dynamically in real-time, without caching or modifying;
- Circadence patented Link Resiliency maintains application session persistence.

In recent years, how has the emergence of mobile devices changed the health care environment, specifically the radiology department?
The emergence of mobile devices, specifically high performance tablets with high definition displays and strong graphics performance, has enabled radiology professionals to “untether” themselves from the imaging systems. Essentially, mobility enables practitioners to be closer to their patients, provide a higher level of care and greatly increase efficiency. As the capabilities of the mobile platform increase, the demands placed on the network infrastructure increase substantially. The size of image studies increases near exponentially as they increase in definition, making WAN Optimization essential for effective use. The capabilities mobility brings to radiology also are increasing rapidly and in many ways are creating positive changes in the dynamic between caregiver and patient. Mobile access to patient studies enables healthcare professionals to be closer to their patients, and to bring the technology to the patient versus forcing the patient to come to the technology.

How can radiology practices utilize WAN optimization? What are some of the benefits?
WAN Optimization such as Circadence MVO is essential for delivering radiology studies across networks. The broad deployment options offered by Circadence enable radiology practices to implement optimization in ways that best suit their particular practices. Distributed radiology offices can use WAN Optimization to provide much higher performance transferring content between offices. Centralized radiology providers can dramatically increase the number of studies their radiologists are able to read, increasing revenue and decreasing costs. Mobile WAN Optimization enables practitioners to access even larger, high definition studies from wherever they happen to be, improving patient care and increasing access.  

Does the Circadence MVO for Mobile have to comply with HIPAA guidelines? If so, how is that achieved?
Circadence MVO can be a key component of an organization’s HIPAA compliance program. Under HIPAA, healthcare organizations must ensure that patients’ privacy is protected; this includes protecting confidential information. Unlike other WAN Optimization vendors, the Circadence MVO Optimization platform does not cache, store, or decrypt information sent across the network. Circadence MVO enables healthcare providers to implement the leading WAN Optimization platform across their organizations while maintaining compliance with current guidelines.

What are some of the difficulties when installing/utilizing the Circadence WAN optimization solution?
As with any fast changing landscape, there can be challenges as organizations adapt. The healthcare industry in particular is facing an extraordinary amount of change in the way that healthcare services are provided and accessed, with new capabilities being announced daily. For an industry as regulated as healthcare the challenges can be administrative and procedural as much, or more so, than technical. Additionally, the increasing focus on technology is forcing medical practitioners at all levels to become more familiar with systems, terminology, and practices that may be entirely new to them. As regulators, providers, and practitioners become more educated and comfortable with technology the pace of adoption is increasing and administrative barriers to adoption of emerging technologies are being removed. Circadence places an emphasis on making the MVO optimization platform as easy to implement and manage as possible, both technically and administratively, allowing providers to focus more on providing high quality services.

Mobile Usage

Mobile usage is rising dramatically, placing greater strain on networks and creating bandwidth and connectivity issues. Exacerbating this situation are the high demands mobile users place on networks.

With the increased popularity of smartphones, tablets and other mobile devices, the boundaries between work and personal are blurring. As a result, people are using mobile devices to check work email, review and work on documents and a host of other work-related functions.

As more and more critical information is accessed outside of brick and mortar, wireless and broadband companies need to plot the best way to accommodate the spike in traffic. Enterprises must also be prepared to help their employees remain connected regardless of their location or device.

The rise of mobile

The number of mobile users has sharply increased in recent years. As of June 2011, according to CTIA, a non-profit organization supporting the wireless industry in the United States, there were 322.9 million wireless subscriber connections. This represents a 745 percent increase from five years ago, when there were 38.2 million wireless subscriber connections. There are seven billion connected devices worldwide and by 2025, it is predicted that number will have ballooned to 50 billion. 

Consumers rely on their phones and mobile devices for a wide variety of purposes such as listening to music, downloading apps, surfing the Internet and watching videos. More people are also using personal devices for work-related functions such as managing email and working on documents. Unlike texting or making a phone call, this usage places an incredible strain on networks, consuming large amounts of data.

The surge in data usage coupled with the rise in BYOD (Bring Your Own Device) threatens to overwhelm the infrastructure supporting mobile devices. As a result, some carriers have discontinued offering unlimited data usage offers. In the enterprise, companies are increasingly adopting WAN optimization to ensure they can quickly transmit and process information even in areas with low-quality or intermittent network connections.

Unfortunately, it is not feasible to physically expand the wireless infrastructure in the United States by, for instance, building more cell phone towers, and the cost of doing so would be astronomical.

In this challenging environment, service providers want the ability to more efficiently utilize the bandwidth available. At the same time, consumers have grown accustomed to being able to use their phones for work and fun. The always-on worker armed with a laptop, tablet and phone is quickly becoming the norm. In response, enterprise organizations are also seeking a way to accommodate additional devices.

WAN optimization goes mobile

WAN optimization, once reserved for military organizations looking to move critical information in the field, is gaining momentum in the enterprise and could play a critical role in helping alleviate mobile network overload. Loosely defined, WAN optimization is a collection of technologies and techniques used to maximize the efficiency of data flow across a wide area network. WAN optimization enables organizations to transmit information and gain access to critical applications faster.

The enterprise is increasingly adopting WAN optimization as a method for transmitting information quickly and securely. For example, healthcare organizations using WAN optimization can quickly transmit images and patient data regardless of network connections or bandwidth strength.

For companies and organizations seeing an influx of mobile workers and personnel utilizing personal devices, mobile WAN optimization provides the same benefits as WAN optimization but to mobile devices. This enables organizations to embrace remote workers and mobile workers, confident that they can connect regardless of their location. WAN optimization can also help alleviate pressure on existing networks. For example, carriers can provide the same level of service but use 1/6 of the infrastructure to deliver it.

Conclusion

As mobile devices continue to become more sophisticated and mobile device adoption continues to explode, pressures on the current networks will continue to mount. BYOD and the mobile worker are also creating issues for organizations and companies who want to ensure their employees are able to quickly and securely access the information they need to perform their duties regardless of their location.

In this atmosphere, it’s critical that carriers and organizations look for innovative ways to increase the effectiveness of their existing bandwidth. If mobile adoption continues at the current pace, soon they’ll have no choice but to embrace new solutions to address the situation. By embracing new technologies and solutions such as mobile WAN optimization, organizations will be able to ensure that the mobile workforce isn’t left out in the cold.