Data Loss Prevention 2017
Optimization Support Drives Satisfaction; Few Solutions Used Broadly

Industry Insights and Context

Securing protected health information (PHI) is crucial for healthcare organizations. Cybersecurity professionals look to a variety of security software solutions and services to ensure that sensitive information and devices are safeguarded. KLAS currently measures and plans to measure cybersecurity solutions across many segments that have the broadest impact on healthcare organizations. Below is a summary of how DLP fits into KLAS’ cybersecurity measurement framework.

KLAS Cybersecurity Measurement Framework

What Is DLP?

Software designed to identify and prevent protected health information (PHI) from leaving a healthcare organization whether by accident or by malicious intent. DLP products can protect content in its 3 main states:

Data at Rest
The scanning of storage, servers, and/or hard drives to identify where PHI is located. When PHI is found and not authorized, data is encrypted.

Data in Motion
The most common method of DLP. This includes the monitoring of network traffic being sent via specific communication methods such as email, web, instant messaging, etc. Data can be encrypted and/or filtered while in motion.

Data in Use
This is typically on endpoints as an end user interacts with data. For example, an organization could monitor an employee trying to save data to a USB drive, copy and paste, or use data in an unauthorized application.

Why Measure DLP?

In February 2017, KLAS published a comprehensive look at cybersecurity within healthcare organizations. DLP—along with email filtering/encryption and web monitoring/filtering—was one of the most frequently mentioned technologies used by security professionals that had the greatest impact for their organization.

How Does KLAS Measure DLP in This Report?

KLAS asked each provider organization what DLP capabilities they had live from their vendor to assess how broadly DLP vendors are being used. They were specifically asked about the following capabilities, which are the key methods for protecting PHI from leaving an organization.

Note: As KLAS continues to measure our framework for cybersecurity in healthcare, provider participation is the lifeblood of our research. To include your voice in our efforts, please email dan.czech@klasresearch.com.

1. Symantec’s and Digital Guardian’s Broad Portfolios Most Deeply Adopted

One of the first things to consider in selecting a DLP solution is what capabilities are needed to support an organization’s DLP policy. For larger organizations that prefer a one-stop-shop vendor capable of meeting a variety of needs, Symantec and Digital Guardian offer solutions that are proven to be consistently deployed across multiple capabilities. Many smaller organizations prefer to start with a limited DLP scope, such as email filtering/encryption, and then build out the business case for further DLP capabilities. From a limited sample, McAfee (data encryption) and Forcepoint (web filtering) are often initially used for targeted purposes, though each has customers using them for all key capabilities.

2. Proofpoint Delivers Out-of-the-Box Functionality and Strong Optimization

All DLP solutions require a period of fine-tuning in order to effectively identify PHI and reduce false positives. Proofpoint’s limited scope of mainly email filtering/encryption capabilities allows them to deliver a product with good baseline rules out of the box and easy optimization through instructive webinars and on-site staff. Digital Guardian excels at accurately identifying PHI through their robust fingerprinting/rules capabilities, though satisfaction is hindered by the timeliness and quality of support staff during and after the initial optimization process.

3. Symantec’s Robust Reports and Alerting Provide Consistently Actionable Insights

Once a DLP system is properly configured to accurately identify PHI, organizations want their solution to deliver timely insights through dashboards, alerts, or email notifications that allow them to take proper action to prevent PHI from leaving. This allows an organization to follow up promptly without hindering clinician workflow. While Symantec rates similarly to other vendors, respondents consistently report that Symantec’s robust reporting and configurable alerts enable them to highlight security vulnerabilities and drill down into incidents when sensitive PHI is at risk. Forcepoint clients are frustrated by having to create their own reports and dashboards, while Microsoft clients share challenges in pulling reports that support their security programs, though feedback is limited.

The Bottom Line on Vendors

Designer
Jess Wallace-Simpson