Cybersecurity 2017
Understanding the Healthcare Security Landscape

Healthcare Organizations Still Focusing on Foundational Technology

Firewalls and Antivirus/Malware Protection Reported as Most Impactful

Healthcare organizations feel behind when it comes to cybersecurity and say that their organizations benefit most from vendors that offer foundational technology, such as firewalls, antivirus and malware-protection solutions, and encryption. Specifically, Cisco and Symantec are mentioned most frequently, driving value with broad portfolios that address many needs. Single-threaded vendors Palo Alto Networks (firewalls) and Proofpoint (email encryption) exceed expectations in their respective areas. Software for DLP, IAM, MDM, SIEM, and anomalous-behavior monitoring has yet to make the projected impact due in part to still-maturing deployments and lack of resources and understanding.

MDM: VMware (AirWatch) Has the MDM Market on Lockdown

VMware is considered the Cadillac solution of the MDM market and is used more frequently than the next three most common solutions combined. Its broad functionality can meet almost any customer need, regardless of strategy (BYOD or company-issued devices). VMware is noted to work better with iOS than Android devices. Other solutions may be priced more competitively, though customers note they have less functionality. Microsoft (primarily used with email), Citrix (poor iOS support), and MobileIron (lacking containerizing) all have certain customer-reported limitations. The limited feedback on IBM is promising, though most customers use it simplistically to lock down email or prevent sharing or application downloads.

IAM: Imprivata Leading the Way; Microsoft Most Widely Used

Enterprise IAM in healthcare is still a long way off. Most solutions are used only for certain aspects of IAM. While not a complete IAM solution, Imprivata excels in identity management with strong single sign-on (SSO), two-factor authentication, and biometric scanning. Microsoft is the most frequently used since Active Directory (AD) is the de facto access management standard for many organizations. Few use Microsoft for identity management, and many say Microsoft doesn’t fully meet their needs in areas like provisioning. Other solutions are infrequently used and often described as not meeting many needs. Many providers layer homegrown tools on top of basic commercial products like AD.

DLP: Symantec Most Used; Proofpoint Best for Outbound Email Filtering/Encryption

Symantec offers multiple DLP solutions that tie together well within a much broader security portfolio. Customers feel it is the most robust solution on the market and gives nearly all the DLP functionality one could want. It does have a higher price point. Proofpoint excels in outbound email encryption and filtering. Cisco also meets needs, with customers deploying multiple products. Customers of Forcepoint (problematic setups and challenging configuration) and McAfee (hard configuration and numerous false positives) report the most challenges. Organizations are more likely to deploy DLP as they increase in complexity and size.

SIEM: IBM and Splunk Lead in Performance and Market Share

IBM and Splunk both offer robust solutions that scale well to meet the needs of large hospitals and IDNs and require significant setup. After pushing through a steep learning curve, IBM customers have achieved robust reporting with strong dashboards. Splunk offers strong functionality and reliability as well as excellent big-data tools at a high price point. SolarWinds is attractive for small organizations thanks to a lower price point; it is used primarily for network and infrastructure monitoring. McAfee meets basic needs, but development has been slow. Up-and-comer LogRhythm has a large number of deployments underway. The SIEM market has yet to coalesce around a few market leaders—organizations report using 41 different vendors.

Deloitte and FireEye Offer Great Security Services; NTT DATA Portfolio Broad but Weaker