2FA - when required by your vendors, do you stipend your staff?
-
@dashrender said in 2FA - when required by your vendors, do you stipend your staff?:
Of course calls, like SMS, are totally hackable with SS7 redirects. But again, I'm not controlling these systems.
PCI was on track to get rid of SMS for 2FA, I assume HITECH is also. Why not use an app (VIP is my favorite).
-
@dashrender said in 2FA - when required by your vendors, do you stipend your staff?:
@penguinwrangler said in 2FA - when required by your vendors, do you stipend your staff?:
Why not buy them some cheap Android Tablets. I mean you can pickup some really cheap ones, less than 50 bucks. As long as they are on the wifi then they use those. You have total control over the 2FA devices that way.
Now they are carrying around two devices with them, phone and this tablet.
It's worse than that. The device battery 6 months in last 10 minutes, the screen takes 2 minutes to use because it's some ancient touch screen, the Android release is 4 versions behind. The MDM API's are so crippled you can't get Airwatch or any real MDM solution to work. When you have labor resources that cost $100-500 an hour WTF would you try to save a few $ per person that will cripple their workflow? I've seen so many people try this and fail.
For what it's worth hospitals devices tend to be shared on call devices. My wife's on-call phone is locked down so tight that if she takes 2 steps out side air watch bricks the device till it comes back in the hospital. They use special Android devices that are properly patchable, have the full KNOX API's for air watch to hook, and have extra battery kits and hot docks everywhere.
-
@john-nicholson said in 2FA - when required by your vendors, do you stipend your staff?:
@dashrender said in 2FA - when required by your vendors, do you stipend your staff?:
@penguinwrangler said in 2FA - when required by your vendors, do you stipend your staff?:
Why not buy them some cheap Android Tablets. I mean you can pickup some really cheap ones, less than 50 bucks. As long as they are on the wifi then they use those. You have total control over the 2FA devices that way.
Now they are carrying around two devices with them, phone and this tablet.
It's worse than that. The device battery 6 months in last 10 minutes, the screen takes 2 minutes to use because it's some ancient touch screen, the Android release is 4 versions behind. The MDM API's are so crippled you can't get Airwatch or any real MDM solution to work. When you have labor resources that cost $100-500 an hour WTF would you try to save a few $ per person that will cripple their workflow? I've seen so many people try this and fail.
For what it's worth hospitals devices tend to be shared on call devices. My wife's on-call phone is locked down so tight that if she takes 2 steps out side air watch bricks the device till it comes back in the hospital. They use special Android devices that are properly patchable, have the full KNOX API's for air watch to hook, and have extra battery kits and hot docks everywhere.
Does Airwatch work well? We looked at AirPatrol but it was insanely expensive (like ~$2500 per access point).
-
BES is dead, Good is how you make smartphones dumb, and Mobile Iron lacks good training resources and is more complicated than it needs to be.
@stacksofplates I went thru Airwatch SE training a few years back and was blown away at what it could do, and how easy it was compared to everything else I'd used. (Full discloser) Technically my current employer owns Airwatch (The company) but that's a different BU so these days I don't keep up with it too much. AirWatch is licensed either per user or device. There is a hosted option (My recommendation) or an on premises solution (For people like the DoD). Talk to the Airwatch/EUC SE's about that stuff as they know hospital requirements really well and live and breathe all the weird what is supported by what platform. When evaluating any MDM solution ask for references in your industry that you can talk to, and talk to the vendor directly not just resellers. It's too complicated for 3rd parties to keep up with 100%.