Shared Mobile Access

A model where multiple workers use the same mobile device or device pool across shifts, tasks, or locations. In healthcare, the identity problem is making access fast enough for frontline work while preserving accountability, session hygiene, and role separation across users.

Expanded Definition

Shared mobile access is an operating model, not a single authentication method: multiple frontline workers use the same device or a managed pool of devices across shifts, locations, or tasks. In healthcare and other high-tempo environments, it is used to reduce handoff friction while still preserving user accountability, session cleanup, and role separation. The identity challenge is that the device is shared, but the access session must still be attributable to one person at a time.

That distinction matters because the device can outlive the user session, cache tokens, keep app state, or retain cached credentials unless the environment is designed for rapid reauthentication and reliable logout. NHI Management Group treats this as a governance issue as much as an endpoint issue, because shared mobility often intersects with secrets handling, conditional access, and session lifecycle controls described in the Ultimate Guide to NHIs. The most common misapplication is treating the shared device as if it were the identity, which occurs when teams assign permanent access to the handset instead of enforcing per-user sessions.

Examples and Use Cases

Implementing shared mobile access rigorously often introduces a real tradeoff: faster shift handoffs and fewer devices to manage, but more pressure on sign-in flows, session resets, and audit logging. Organisations must weigh bedside speed against the cost of stronger session hygiene.

  • Emergency departments where nurses pick up the nearest managed handset at the start of a shift, authenticate with their own identity, and release the session before handing the device to the next worker.
  • Retail or field-service teams using a device pool for task-based work, where the app must clear local tokens and user context between assignments.
  • Medication scanning or charting workflows where rapid access is needed, but role-based access still has to reflect the current clinician, not the last person to sign in.
  • Shared kiosk or rugged-device deployments that require step-up authentication for sensitive actions and short session timeouts after inactivity.
  • Device-pool programs aligned to the identity and secret-risk concerns highlighted in the 52 NHI Breaches Analysis, where persistent tokens or cached API access can survive user turnover.

For implementation patterns, the OWASP Non-Human Identity Top 10 is useful for understanding how weak lifecycle controls and exposed credentials turn convenience into exposure.
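The session lifecycle the definition and use cases above describe can be made concrete. The following Python model is an added example, not code from the original page or from NHI Management Group: it treats a pooled handset as a container for one attributable session at a time, tears the session down on every handoff, expires idle sessions, requires a fresh step-up for sensitive actions, and writes an audit record naming the worker who performed each action. The roles, action names, timeouts and the `SharedDevice` API are assumptions constructed for the demo.

```python
"""Shared-device session model: the device is not the identity.

Added illustration (not the page's or any vendor's code). Every action on
the pooled handset must be attributed to the currently signed-in worker;
a new sign-in always discards the previous session and token, idle
sessions expire, and sensitive actions need recent step-up authentication.
Roles, actions and timings below are constructed assumptions.
"""
from __future__ import annotations

import secrets
from dataclasses import dataclass, field

IDLE_TIMEOUT_S = 120        # assumed inactivity limit for a bedside handset
STEP_UP_MAX_AGE_S = 60      # assumed freshness window for step-up authentication
SENSITIVE_ACTIONS = {"administer_medication", "sign_chart"}   # assumed

# Constructed role table: which actions each role may perform.
ROLE_PERMISSIONS = {
    "nurse": {"view_chart", "scan_medication", "administer_medication"},
    "porter": {"view_tasks"},
    "physician": {"view_chart", "sign_chart", "administer_medication"},
}


class AccessError(Exception):
    """Raised when an action cannot be attributed to an authorised, live session."""


@dataclass
class Session:
    user: str
    role: str
    token: str                  # short-lived token held in memory only, never persisted
    last_activity: float
    step_up_at: float | None = None


@dataclass
class SharedDevice:
    device_id: str
    session: Session | None = None
    audit: list[tuple[float, str, str, str]] = field(default_factory=list)

    def sign_in(self, now: float, user: str, role: str) -> None:
        # A new sign-in first tears down whatever session is present,
        # so no token, step-up state or user context crosses the handoff.
        if self.session is not None:
            self.sign_out(now, reason="superseded")
        self.session = Session(user, role, secrets.token_urlsafe(32), now)
        self.audit.append((now, self.device_id, user, "sign_in"))

    def sign_out(self, now: float, reason: str = "user") -> None:
        if self.session is None:
            return
        self.audit.append((now, self.device_id, self.session.user, f"sign_out:{reason}"))
        self.session = None     # drop the token reference; nothing of the user survives

    def step_up(self, now: float, user: str) -> None:
        s = self._current(now)
        if s.user != user:
            raise AccessError("step-up must be performed by the signed-in user")
        s.step_up_at = now

    def perform(self, now: float, action: str) -> str:
        """Perform an action and return the user it was attributed to."""
        s = self._current(now)
        if action not in ROLE_PERMISSIONS.get(s.role, set()):
            raise AccessError(f"{s.role} may not {action}")
        if action in SENSITIVE_ACTIONS and (
            s.step_up_at is None or now - s.step_up_at > STEP_UP_MAX_AGE_S
        ):
            raise AccessError("step-up authentication required")
        s.last_activity = now
        self.audit.append((now, self.device_id, s.user, action))
        return s.user

    def _current(self, now: float) -> Session:
        if self.session is None:
            raise AccessError("no signed-in user on this device")
        if now - self.session.last_activity > IDLE_TIMEOUT_S:
            self.sign_out(now, reason="idle_timeout")
            raise AccessError("session expired; reauthenticate")
        return self.session


def handoff_demo() -> list[tuple[float, str, str, str]]:
    """Constructed shift handoff on one handset; returns the audit trail."""
    d = SharedDevice("handset-07")
    d.sign_in(0.0, "nurse_a", "nurse")
    d.perform(10.0, "scan_medication")
    d.step_up(15.0, "nurse_a")
    d.perform(20.0, "administer_medication")
    d.sign_in(40.0, "porter_b", "porter")   # handoff: nurse_a's session is torn down
    d.perform(45.0, "view_tasks")
    d.sign_out(50.0)
    return d.audit


if __name__ == "__main__":
    for ts, dev, user, action in handoff_demo():
        print(f"{ts:6.1f} {dev} {user:10s} {action}")
```

The design choice worth noting is that `sign_in` never trusts the existing session: it calls `sign_out` unconditionally before creating a new one, which is what keeps the audit trail attributable to one person at a time and prevents the next worker from inheriting the previous user's role or step-up state.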

Why It Matters in NHI Security

Shared mobile access becomes an NHI security issue when the device is used as a shortcut around identity governance. If the environment keeps long-lived sessions, stored tokens, or embedded credentials on a shared handset, the next worker may inherit more access than intended. That is especially dangerous in healthcare, where rapid turnover, shift changes, and high-pressure workflows can obscure who actually performed a sensitive action.

The risk is not theoretical. NHI Management Group reports that only 5.7% of organisations have full visibility into their service accounts, which reflects a broader identity-visibility problem: when access is shared, it becomes harder to prove who had authority at the moment of use. That matters under the OWASP Non-Human Identity Top 10 because credential persistence, overbroad access, and weak revocation can survive the human handoff. Organisations typically encounter the consequence only after a misplaced device, an audit failure, or a privacy incident, at which point shared mobile access becomes operationally unavoidable to address.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework                        | Control / Reference | Relevance
OWASP Non-Human Identity Top 10  | NHI-02              | Shared devices often retain secrets, tokens, or cached sessions after handoff.
NIST CSF 2.0                     | PR.AA-01            | Identity verification and access enforcement must still apply in shared-device workflows.
NIST Zero Trust (SP 800-207)     | PA-2                | Zero Trust requires continuous authorization, not implicit trust in a shared endpoint.

Enforce per-user session teardown and prevent credential persistence on pooled mobile devices.