Hospital execs intrigued by mobile virtualization

Hospital CIOs already know, and love, server virtualization and desktop virtualization. They help make the most of existing resources, can dramatically cut hardware costs and provide security benefits, too.

But there's a new type of virtualization that CIOs need, even if they aren't quite ready for it. It's mobile virtualization--a heavy-duty version of the sandboxing options available today. Mobile virtualization allows a smartphone or tablet to run two entirely different operating systems at the same time, with hard-and-fast partitions between the two, and almost no bleed-through.

Even my most forward-thinking CIO sources admit it's bleeding edge for them, although they're all interested, and eager, to learn more.

"We haven't dug into the mobile virtualization stuff yet," Todd Richardson, CIO with Deaconess Health System, Evansville, Ind., tells FierceMobileHealthcare. He's "quite apprehensive about having too much of a footprint on personally owned devices at this point, and without a driving business need to do it, we will likely dip our toes into it when it becomes more of a pressing issue. [We] will certainly be watching from the sidelines as others venture in and learn from them."

Steven Dean, chief of a progressive telehealth/mobile program at Inova Health System in Northern Virginia, echoes Richardson's caution, saying " Mobile device management is a 2012 strategic objective with direction still to be determined."

And it shouldn't be surprising that so many are intrigued. If the descriptions of mobile virtualization are anywhere close to reality, they're a hospital CIO's dream. Here's how analyst Chris Hazelton with security firm The 451 Group explains it to CIO: "Any data within the virtualized environment is encrypted, preventing outside applications from accessing or interacting with corporate data and apps. IT can mandate a password on the corporate side of the device, letting users avoid password protection for consumer apps for the camera, social networks, personal emails, [and other apps]. If the employee leaves or the device is lost or stolen, IT can wipe the enterprise data without touching personal data."

The CIO article, published late last week also has some great technical background, and even a few vendor names, for hospital IT readers to chew on. I've summarized the highlights here.

You've got two virtualization options to choose from, for starters. Type 1, according to CIO's John Brandon, is a root hardware solution, and one you'll have to get the manufacturer's agreement to lock down. Type 2, on the other hand, runs as a secure app on any device, Brandon explains.

The former option is the more secure, as it's tied into the core systems and hardware. But it can take far longer to accomplish, as you have to get buy-in from phone makers like Nokia or Samsung. The latter is easier and faster to deploy, but is inherently less secure, Hazelton tells CIO.

There's also one major drawback to mobile virtualization, whichever type you prefer: It generally only runs on Android phones, and hasn't yet been ported over to healthcare's far more popular iOS devices, according to CIO.

There are three major vendors in this space--Enterproid Divide, VMWare Horizon Mobile and Red Bend Software vLogix Mobile--according to CIO. Enterproid is a Type 2 product, while VMWare Horizon Mobile has both a full-scale Type 1 "hypervisor" and also a kind of Type 1/2 hybrid that offers root-level access without having to achieve manufacturer permissions. Red Bend's product is straightforward Type 1 software, with some permissions already allowed from some phone makers, company officials tell CIO.

So don't be shy. If you've got some Android users on your campus, now might be the time for a mobile virtualization test. Finding that true, solid privacy fence for your protected records, in a world of BYOD, is simply too important to wait. - Sara