KLAS: These vendors excel at data loss prevention, but they have weaknesses
When it comes to technology on the front lines of healthcare data security, data loss prevention software is one of the key defenses to safeguard protected health information – nearly as important as firewalls and antivirus.
A new report from KLAS looks closely at DLP technology from various vendors, from full-suite to niche, assessing their performance based on interviews with security professionals, mostly chief information security officers. CISOs weighed in on the capabilities they're most focused on deploying, the tools they need to support and optimize, the security insights their DLP tech offers them, and more.
DLP software is able to identify protected health information and prevent it from escaping the confines of a health system's network, whether by hacker or human error.
The technology can safeguard data at rest (scanning servers and hard drives to see where PHI is located, and encrypting it when it's not authorized), data in motion (monitoring of network traffic to filter or encrypt PHI when found in emails or IMs) and data in use (a hospital can monitor how staffers interact with PHI – saving, copying/pasting, etc.).
KLAS examined how various DLP technologies handle data encryption, email encryption, email filtering, web filtering, file-sharing encryption, device lockdown and identification of high-risk behaviors. It polled CISOs about full-suite vendors (Digital Guardian, Symantec), limited data vendors (Cisco, Forcepoint, McAfee, Microsoft) and niche technologies (Proofpoint, Zix).
Among KLAS' findings: Symantec’s and Digital Guardian’s wide array of offerings have led to their technologies being most widely adopted among those surveyed; Proofpoint earned high marks for intuitive functionality and high capacity for optimization; and Symantec customers liked the alerting and reports it gave them, enabling more actionable insights.
"For larger organizations that prefer a one-stop-shop vendor capable of meeting a variety of needs, Symantec and Digital Guardian offer solutions that are proven to be consistently deployed across multiple capabilities," according to KLAS. "Many smaller organizations prefer to start with a limited DLP scope, such as email filtering/encryption, and then build out the business case for further DLP capabilities."
Optimization is key to a well-running DLP system, and providers want a tool that works well from the get-go but also lends itself well to tailoring to their own specific needs, the report finds.
"All DLP solutions require a period of fine-tuning in order to effectively identify PHI and reduce false positives," researchers said. "Proofpoint’s limited scope of mainly email filtering/encryption capabilities allows them to deliver a product with good baseline rules out of the box and easy optimization through instructive webinars and on-site staff.
"Digital Guardian excels at accurately identifying PHI through their robust fingerprinting/rules capabilities," they added, "though satisfaction is hindered by the timeliness and quality of support staff during and after the initial optimization process."
Once DLP technology has been fine-tuned, the focus turns to the analytics it provides – via dashboards, alerts and other notifications – enabling staff to take preventative action for at-risk PHI, without interfering with clinical workflows.
In that area, Symantec earned high marks from CISOs, who said its "robust reporting and configurable alerts enable them to highlight security vulnerabilities and drill down into incidents when sensitive PHI is at risk," according to KLAS. "Forcepoint clients are frustrated by having to create their own reports and dashboards, while Microsoft clients share challenges in pulling reports that support their security programs, though feedback is limited."