Premium Reports
Data Loss Prevention 2017

Data Loss Prevention 2017
Optimization Support Drives Satisfaction; Few Solutions Used Broadly

Authored by: | Read Time: 4  minutes

Allowing PHI to wrongfully get outside a healthcare organization’s network can create sizeable regulatory and financial consequences for organizations and erode public trust. Risks to a healthcare organization’s sensitive data—whether unintentional or malicious—must be identified and neutralized. In order to understand how organizations are addressing these challenges, KLAS spoke with 100 security professionals, largely CISOs, to learn about their DLP strategies. While most organizations are confident in their solution’s ability to prevent PHI loss, KLAS uncovered the capabilities providers are most commonly adopting, how broadly DLP solutions are deployed, which DLP solutions require significant support and optimization, and how actionable the insights are that DLP vendors are producing.


Industry Insights and Context

Securing protected health information (PHI) is crucial for healthcare organizations. Cybersecurity professionals look to a variety of security software solutions and services to ensure that sensitive information and devices are safeguarded. KLAS currently measures and plans to measure cybersecurity solutions across many segments that have the broadest impact on healthcare organizations. Below is a summary of how DLP fits into KLAS’ cybersecurity measurement framework.


KLAS Cybersecurity Measurement Framework


klas cybersecurity measurement framework


What Is DLP?

Software designed to identify and prevent protected health information (PHI) from leaving a healthcare organization whether by accident or by malicious intent. DLP products can protect content in its 3 main states:

Data at Rest
The scanning of storage, servers, and/or hard drives to identify where PHI is located. When PHI is found and not authorized, data is encrypted.

Data in Motion
The most common method of DLP. This includes the monitoring of network traffic being sent via specific communication methods such as email, web, instant messaging, etc. Data can be encrypted and/or filtered while in motion.

Data in Use
This is typically on endpoints as an end user interacts with data. For example, an organization could monitor an employee trying to save data to a USB drive, copy and paste, or use data in an unauthorized application.

Why Measure DLP?

In February 2017, KLAS published a comprehensive look at cybersecurity within healthcare organizations. DLP—along with email filtering/encryption and web monitoring/filtering—was one of the most frequently mentioned technologies used by security professionals that had the greatest impact for their organization.


technologies with greatest impact


How Does KLAS Measure DLP in This Report?

KLAS asked each provider organization what DLP capabilities they had live from their vendor to assess how broadly DLP vendors are being used. They were specifically asked about the following capabilities, which are the key methods for protecting PHI from leaving an organization.


how does klas measure dlp in this report


Note: As KLAS continues to measure our framework for cybersecurity in healthcare, provider participation is the lifeblood of our research. To include your voice in our efforts, please email garrett.hall@klasresearch.com or dan.czech@klasresearch.com.





1. Symantec’s and Digital Guardian’s Broad Portfolios Most Deeply Adopted

One of the first things to consider in selecting a DLP solution is what capabilities are needed to support an organization’s DLP policy. For larger organizations that prefer a one-stop-shop vendor capable of meeting a variety of needs, Symantec and Digital Guardian offer solutions that are proven to be consistently deployed across multiple capabilities. Many smaller organizations prefer to start with a limited DLP scope, such as email filtering/encryption, and then build out the business case for further DLP capabilities. From a limited sample, McAfee (data encryption) and Forcepoint (web filtering) are often initially used for targeted purposes, though each has customers using them for all key capabilities.

dlp usage at a glance



2. Proofpoint Delivers Out-of-the-Box Functionality and Strong Optimization

All DLP solutions require a period of fine-tuning in order to effectively identify PHI and reduce false positives. Proofpoint’s limited scope of mainly email filtering/encryption capabilities allows them to deliver a product with good baseline rules out of the box and easy optimization through instructive webinars and on-site staff. Digital Guardian excels at accurately identifying PHI through their robust fingerprinting/rules capabilities, though satisfaction is hindered by the timeliness and quality of support staff during and after the initial optimization process.


what is fingerprinting
which vendors help quickly realize dlp confidence



3. Symantec’s Robust Reports and Alerting Provide Consistently Actionable Insights

Once a DLP system is properly configured to accurately identify PHI, organizations want their solution to deliver timely insights through dashboards, alerts, or email notifications that allow them to take proper action to prevent PHI from leaving. This allows an organization to follow up promptly without hindering clinician workflow. While Symantec rates similarly to other vendors, respondents consistently report that Symantec’s robust reporting and configurable alerts enable them to highlight security vulnerabilities and drill down into incidents when sensitive PHI is at risk. Forcepoint clients are frustrated by having to create their own reports and dashboards, while Microsoft clients share challenges in pulling reports that support their security programs, though feedback is limited.

providing actionable insights



The Bottom Line on Vendors


the bottom line on vendors


Key Findings

  1. Symantec’s and Digital Guardian’s Broad Portfolios Most Deeply Adopted
  2. Proofpoint Delivers Out-of-the-Box Functionality and Strong Optimization
  3. Symantec’s Robust Reports and Alerting Provide Consistently Actionable Insights


which vendors help quickly realize dlp confidence

 Download Report Brief  Download Full Report

This material is copyrighted. Any organization gaining unauthorized access to this report will be liable to compensate KLAS for the full retail price. Please see the KLAS DATA USE POLICY for information regarding use of this report. © 2020 KLAS Research, LLC. All Rights Reserved. NOTE: Performance scores may change significantly when including newly interviewed provider organizations, especially when added to a smaller sample size like in emerging markets with a small number of live clients. The findings presented are not meant to be conclusive data for an entire client base.