Cybersecurity 2017
Understanding the Healthcare Security Landscape


The importance of security in healthcare needs no introduction. Healthcare organizations find themselves constantly at risk for breaches or even direct attacks, situations for which they are often underprepared. In partnership with CHIME, KLAS interviewed nearly 200 organizations about their security programs (speaking primarily with CISOs, CIOs, CTOs, and other security professionals). This report focuses on the most impactful technologies—specifically DLP, IAM, MDM, and SIEM—and the services provider organizations use most frequently to meet security needs. For benchmarking purposes, interviewed organizations also shared best practices from and insights regarding their current security programs since security in healthcare has changed so rapidly over the past two years.



Healthcare Organizations Still Focusing on Foundational Technology

Firewalls and Antivirus/Malware Protection Reported as Most Impactful

Healthcare organizations feel behind when it comes to cybersecurity and say that their organizations benefit most from vendors that offer foundational technology, such as firewalls, antivirus and malware-protection solutions, and encryption. Specifically, Cisco and Symantec are mentioned most frequently, driving value with broad portfolios that address many needs. Single-threaded vendors Palo Alto Networks (firewalls) and Proofpoint (email encryption) exceed expectations in their respective areas. Software for DLP, IAM, MDM, SIEM, and anomalous-behavior monitoring has yet to make the projected impact due in part to still-maturing deployments and lack of resources and understanding.

[Figure: Technologies with greatest impact]
[Figure: MDM, DLP, IAM, and SIEM definitions]



MDM: VMware (AirWatch) Has the MDM Market on Lockdown

VMware is considered the Cadillac solution of the MDM market and is used more frequently than the next three most common solutions combined. Its broad functionality can meet almost any customer need, regardless of strategy (BYOD or company-issued devices). VMware is noted to work better with iOS than Android devices. Other solutions may be priced more competitively, though customers note they have less functionality. Microsoft (primarily used with email), Citrix (poor iOS support), and MobileIron (lacking containerizing) all have certain customer-reported limitations. The limited feedback on IBM is promising, though most customers use it simplistically to lock down email or prevent sharing or application downloads.

[Figure: MDM vendor performance]



IAM: Imprivata Leading the Way; Microsoft Most Widely Used

Enterprise IAM in healthcare is still a long way off. Most solutions are used only for certain aspects of IAM. While not a complete IAM solution, Imprivata excels in identity management with strong single sign-on (SSO), two-factor authentication, and biometric scanning. Microsoft is the most frequently used since Active Directory (AD) is the de facto access management standard for many organizations. Few use Microsoft for identity management, and many say Microsoft doesn’t fully meet their needs in areas like provisioning. Other solutions are infrequently used and often described as not meeting many needs. Many providers layer homegrown tools on top of basic commercial products like AD.

[Figure: IAM vendor performance]



DLP: Symantec Most Used; Proofpoint Best for Outbound Email Filtering/Encryption

Symantec offers multiple DLP solutions that tie together well within a much broader security portfolio. Customers feel it is the most robust solution on the market and gives nearly all the DLP functionality one could want. It does have a higher price point. Proofpoint excels in outbound email encryption and filtering. Cisco also meets needs, with customers deploying multiple products. Customers of Forcepoint (problematic setups and challenging configuration) and McAfee (hard configuration and numerous false positives) report the most challenges. Organizations are more likely to deploy DLP as they increase in complexity and size.

[Figure: DLP vendor performance]



SIEM: IBM and Splunk Lead in Performance and Market Share

IBM and Splunk both offer robust solutions that scale well to meet the needs of large hospitals and IDNs and require significant setup. After pushing through a steep learning curve, IBM customers have achieved robust reporting with strong dashboards. Splunk offers strong functionality and reliability as well as excellent big-data tools at a high price point. SolarWinds is attractive for small organizations thanks to a lower price point; it is used primarily for network and infrastructure monitoring. McAfee meets basic needs, but development has been slow. Up-and-comer LogRhythm has a large number of deployments underway. The SIEM market has yet to coalesce around a few market leaders—organizations report using 41 different vendors.

[Figure: SIEM vendor performance]



Deloitte and FireEye Offer Great Security Services; NTT DATA Portfolio Broad but Weaker

[Figure: What cybersecurity engagements have you done in the past two years?]

Frequently used for advisory work, Deloitte partners with customers, listens to specific needs, and tailors recommendations. FireEye excels at managed security services thanks to their acquisition of Mandiant. FireEye’s knowledgeable consultants and vast software expertise convey a broad industry perspective. CynergisTek customers love the healthcare focus of the firm’s advisory work. NTT DATA’s broad experience, especially in managed SIEM services, doesn’t translate to high performance. Customers want more holistic security assessments and better tailor-made recommendations.

[Figure: Satisfaction with services]



[Figure: Where is cybersecurity in healthcare today?]

Key Topics

  1. Healthcare Organizations Still Focusing on Foundational Technology—Firewalls and Antivirus/Malware Protection Reported as Most Impactful
  2. MDM—VMware (AirWatch) Has the MDM Market on Lockdown
  3. IAM—Imprivata Leading the Way; Microsoft Most Widely Used
  4. DLP—Symantec Most Used; Proofpoint Best for Outbound Email Filtering/Encryption
  5. SIEM—IBM and Splunk Lead in Performance and Market Share
  6. Services—Deloitte and FireEye Offer Great Security Services; NTT DATA Portfolio Broad but Weaker

This material is copyrighted. Any organization gaining unauthorized access to this report will be liable to compensate KLAS for the full retail price. Please see the KLAS DATA USE POLICY for information regarding use of this report. © 2019 KLAS Research, LLC. All Rights Reserved. NOTE: Performance scores may change significantly when including newly interviewed provider organizations, especially when added to a smaller sample size like in emerging markets with a small number of live clients. The findings presented are not meant to be conclusive data for an entire client base.