Cybersecurity 2017
Understanding the Healthcare Security Landscape
The importance of security in healthcare needs no introduction. Healthcare organizations find themselves constantly at risk for breaches or even direct attacks, situations for which they are often underprepared. In partnership with CHIME, KLAS interviewed nearly 200 organizations about their security programs (speaking primarily with CISOs, CIOs, CTOs, and other security professionals). This report focuses on the most impactful technologies—specifically DLP, IAM, MDM, and SIEM—and the services provider organizations use most frequently to meet security needs. For benchmarking purposes, interviewed organizations also shared best practices from, and insights into, their current security programs, since security in healthcare has changed so rapidly over the past two years.
Healthcare Organizations Still Focusing on Foundational Technology
Firewalls and Antivirus/Malware Protection Reported as Most Impactful
Healthcare organizations feel behind when it comes to cybersecurity and say that their organizations benefit most from vendors that offer foundational technology, such as firewalls, antivirus and malware-protection solutions, and encryption. Specifically, Cisco and Symantec are mentioned most frequently, driving value with broad portfolios that address many needs. Single-threaded vendors Palo Alto Networks (firewalls) and Proofpoint (email encryption) exceed expectations in their respective areas. Software for DLP, IAM, MDM, SIEM, and anomalous-behavior monitoring has yet to make the projected impact due in part to still-maturing deployments and lack of resources and understanding.
MDM: VMware (AirWatch) Has the MDM Market on Lockdown
VMware is considered the Cadillac solution of the MDM market and is used more frequently than the next three most common solutions combined. Its broad functionality can meet almost any customer need, regardless of strategy (BYOD or company-issued devices). VMware is noted to work better with iOS than Android devices. Other solutions may be priced more competitively, though customers note they have less functionality. Microsoft (primarily used with email), Citrix (poor iOS support), and MobileIron (lacking containerization) all have certain customer-reported limitations. The limited feedback on IBM is promising, though most customers use it simplistically to lock down email or prevent sharing or application downloads.
IAM: Imprivata Leading the Way; Microsoft Most Widely Used
Enterprise IAM in healthcare is still a long way off. Most solutions are used only for certain aspects of IAM. While not a complete IAM solution, Imprivata excels in identity management with strong single sign-on (SSO), two-factor authentication, and biometric scanning. Microsoft is the most frequently used since Active Directory (AD) is the de facto access management standard for many organizations. Few use Microsoft for identity management, and many say Microsoft doesn’t fully meet their needs in areas like provisioning. Other solutions are infrequently used and often described as not meeting many needs. Many providers layer homegrown tools on top of basic commercial products like AD.
DLP: Symantec Most Used; Proofpoint Best for Outbound Email Filtering/Encryption
Symantec offers multiple DLP solutions that tie together well within a much broader security portfolio. Customers feel it is the most robust solution on the market and gives nearly all the DLP functionality one could want. It does have a higher price point. Proofpoint excels in outbound email encryption and filtering. Cisco also meets needs, with customers deploying multiple products. Customers of Forcepoint (problematic setups and challenging configuration) and McAfee (hard configuration and numerous false positives) report the most challenges. Organizations are more likely to deploy DLP as they increase in complexity and size.
SIEM: IBM and Splunk Lead in Performance and Market Share
IBM and Splunk both offer robust solutions that scale well to meet the needs of large hospitals and IDNs and require significant setup. After pushing through a steep learning curve, IBM customers have achieved robust reporting with strong dashboards. Splunk offers strong functionality and reliability as well as excellent big-data tools at a high price point. SolarWinds is attractive for small organizations thanks to a lower price point; it is used primarily for network and infrastructure monitoring. McAfee meets basic needs, but development has been slow. Up-and-comer LogRhythm has a large number of deployments underway. The SIEM market has yet to coalesce around a few market leaders—organizations report using 41 different vendors.
Deloitte and FireEye Offer Great Security Services; NTT DATA Portfolio Broad but Weaker
Frequently used for advisory work, Deloitte partners with customers, listens to specific needs, and tailors recommendations. FireEye excels at managed security services thanks to its acquisition of Mandiant. FireEye’s knowledgeable consultants and vast software expertise convey a broad industry perspective. CynergisTek customers love the healthcare focus of the firm’s advisory work. NTT DATA’s broad experience, especially in managed SIEM services, doesn’t translate to high performance. Customers want more holistic security assessments and better tailor-made recommendations.
Designer
Natalie Jamison
Project Manager
Robert Ellis
This material is copyrighted. Any organization gaining unauthorized access to this report will be liable to compensate KLAS for the full retail price. Please see the KLAS DATA USE POLICY for information regarding use of this report. © 2024 KLAS Research, LLC. All Rights Reserved. NOTE: Performance scores may change significantly when including newly interviewed provider organizations, especially when added to a smaller sample size like in emerging markets with a small number of live clients. The findings presented are not meant to be conclusive data for an entire client base.