For regulated industries like healthcare, though, banning application markets is common. Startup Happtique sees this as an opportunity and provides a mobile application store specifically for healthcare professionals. "A major challenge for clinicians and their IT departments is knowing what apps you can trust and which ones you can't," said Ben Chodor, CEO of Happtique.
Happtique was created after the Greater New York Hospital Association (GNYHA) started looking at mHealth. "We saw few, if any entities in the [mobile application] market with healthcare experience -- a company that truly understands the challenges faced by hospital providers, from HIPAA to health reform to emergency preparedness," Chodor said.
Once GNYHA saw this void, it decided to start its own mobile health solution, which later became Happtique. The startup is in the process of building a solution that helps hospitals and doctors find validated apps and create their own custom catalogs. It uses Appthority's application risk management solution to mitigate mobile app risks, and once it launches it will certify apps, evaluating them to make sure they do what they promise to do.
For the time being, though, most enterprises that want controlled app portals have to build their own, as did Riverside MC. Clamping down on apps is just part of the equation, though. In addition, the hospital uses a combination of McAfee's Enterprise Mobility Management (EMM) software and Fortinet's application firewall to minimize mobile risks. EMM gives Riverside the ability to detect jail-broken devices, enforce policies like two-factor authentication and remotely wipe devices if they are lost or stolen, and since risks evolve over time, Riverside also relies on Fortinet's behavioral analysis capabilities to see what exactly users are doing with their devices.
For instance, if an enterprise learns that a majority of users are playing mobile game during down time, they might want to educate users on those risks, since in-game malware is common, and mobile games are often the worst offenders when it comes to accessing users' personal information.
Mobile Apps Get a Failing Privacy Grade
Last year, researchers at viaForensics studied 100 different iOS and Android apps and found that only 17 of them did a good job of protecting user information.
viaForensics tested four different types of apps, financial, social networking, productivity, and retail. Researchers gave each app a grade -- pass, warn, or fail -- based on how well the app protected data. If viaForensics researchers were able to access the data stored in the app -- some of which could be identifying personal information -- the app failed.