Tell us about you

Work Email required

Organization required

First Name required

Last Name required

Job Title required

Phone required (###) ###-####, or int ######...

City required

State/Province required

Tell us about your organization

error messages will go here...

Looks like we’re already familiar with you!

Please press next to continue with the survey.

Looks like we’re already familiar with you!

According to your account type you are not eligible to take surveys at this time. If this is a mistake, please contact KLAS.

If you are trying to access KLAS research data and reports, an email has been sent to   with a link to login.

If the email doesn't appear in your inbox, ask your IT department to add KLASresearch.com to your company spam filter's "whitelist", and check your email's spam folder.

Membership Commitment

In exchange for giving their feedback, healthcare providers can create an account to get access to industry reports, user commentary, and real-time ratings.

By submitting your account request, you are engaged in patient care as either an employee (or contractor) of your provider organization and that you confirm that you have reviewed and agree to abide by the Terms of Use for this website as updated periodically.

To learn more about how we process and protect your personal data, you may view our Privacy policy.

By submitting your account request, you confirm that you have reviewed and agree to abide by the Terms of Use for this website as updated periodically. To learn more about how we process and protect your personal data, you may view our Privacy policy.

By submitting your account request, you confirm that you have reviewed and agree to abide by the Terms of Use for this website as updated periodically.

To learn more about how we process and protect your personal data, you may view our Privacy policy.

 

To learn more about how we process and protect your personal data, you may view our Privacy policy.

 

To learn more about how we process and protect your personal data, you may view our Privacy policy.

Thank You! Your information was submitted successfully!

Next Steps - An email has been sent to . Please follow its instructions to verify your email, and login.

If the email doesn't appear in your inbox, try asking your IT department to add KLASresearch.com to your company spam filter's "whitelist", and checking your email's spam folder.

Thank You! Your information was submitted successfully!

Next Steps - A KLAS representative will contact you to discuss working with KLAS, typically within 24 to 48 hours.

If you have any further questions please contact info@klasresearch.com or 1-801-226-5120.

Surprise! Looks like we already have an account for you.

An email has been sent to blah@blah.com with a link to login.

If the email doesn't appear in your inbox, try asking your IT department to add KLASresearch.com to your company spam filter's "whitelist", and checking your email's spam folder.

Premium Reports
Subject Expert

Contact KLAS

info@klasresearch.com

801.226.5120

KLAS - Contact KLAS
 Download Report Brief  Download Full Report    Zoom in charts

Preferences

   Bookmark

Related Series

 No Related Series

Related Blogs

 End chart zoom
Data Loss Prevention 2017
* A page refresh may be necessary to see the updated image

Data Loss Prevention 2017
Optimization Support Drives Satisfaction; Few Solutions Used Broadly

Authored by: Garrett Hall and Dan Czech December 19, 2017 | Read Time: 4  minutes

Current Time Inside Cache Tag Helper: 7/27/2021 10:14:50 PM and Model.reportId = 1207

Allowing PHI to wrongfully get outside a healthcare organization’s network can create sizeable regulatory and financial consequences for organizations and erode public trust. Risks to a healthcare organization’s sensitive data—whether unintentional or malicious—must be identified and neutralized. In order to understand how organizations are addressing these challenges, KLAS spoke with 100 security professionals, largely CISOs, to learn about their DLP strategies. While most organizations are confident in their solution’s ability to prevent PHI loss, KLAS uncovered the capabilities providers are most commonly adopting, how broadly DLP solutions are deployed, which DLP solutions require significant support and optimization, and how actionable the insights are that DLP vendors are producing.

Healthcare Providers,
Want to see more reports?

Not a Provider, contact us for pricing details.

HtmlReportContent Current Time Inside Cache Tag Helper: 7/27/2021 10:14:50 PM and Model.reportId= 1207 and Model.HtmlReportContent_LastWriteTimeUtcInTicks=637532542773764852

Industry Insights and Context

Securing protected health information (PHI) is crucial for healthcare organizations. Cybersecurity professionals look to a variety of security software solutions and services to ensure that sensitive information and devices are safeguarded. KLAS currently measures and plans to measure cybersecurity solutions across many segments that have the broadest impact on healthcare organizations. Below is a summary of how DLP fits into KLAS’ cybersecurity measurement framework.

KLAS Cybersecurity Measurement Framework


klas cybersecurity measurement framework

What Is DLP?

Software designed to identify and prevent protected health information (PHI) from leaving a healthcare organization whether by accident or by malicious intent. DLP products can protect content in its 3 main states:

Data at Rest
The scanning of storage, servers, and/or hard drives to identify where PHI is located. When PHI is found and not authorized, data is encrypted.

Data in Motion
The most common method of DLP. This includes the monitoring of network traffic being sent via specific communication methods such as email, web, instant messaging, etc. Data can be encrypted and/or filtered while in motion.

Data in Use
This is typically on endpoints as an end user interacts with data. For example, an organization could monitor an employee trying to save data to a USB drive, copy and paste, or use data in an unauthorized application.

Why Measure DLP?

In February 2017, KLAS published a comprehensive look at cybersecurity within healthcare organizations. DLP—along with email filtering/encryption and web monitoring/filtering—was one of the most frequently mentioned technologies used by security professionals that had the greatest impact for their organization.

technologies with greatest impact

How Does KLAS Measure DLP in This Report?

KLAS asked each provider organization what DLP capabilities they had live from their vendor to assess how broadly DLP vendors are being used. They were specifically asked about the following capabilities, which are the key methods for protecting PHI from leaving an organization.


how does klas measure dlp in this report

Note: As KLAS continues to measure our framework for cybersecurity in healthcare, provider participation is the lifeblood of our research. To include your voice in our efforts, please email dan.czech@klasresearch.com.

1. Symantec’s and Digital Guardian’s Broad Portfolios Most Deeply Adopted

One of the first things to consider in selecting a DLP solution is what capabilities are needed to support an organization’s DLP policy. For larger organizations that prefer a one-stop-shop vendor capable of meeting a variety of needs, Symantec and Digital Guardian offer solutions that are proven to be consistently deployed across multiple capabilities. Many smaller organizations prefer to start with a limited DLP scope, such as email filtering/encryption, and then build out the business case for further DLP capabilities. From a limited sample, McAfee (data encryption) and Forcepoint (web filtering) are often initially used for targeted purposes, though each has customers using them for all key capabilities.

dlp usage at a glance

2. Proofpoint Delivers Out-of-the-Box Functionality and Strong Optimization

All DLP solutions require a period of fine-tuning in order to effectively identify PHI and reduce false positives. Proofpoint’s limited scope of mainly email filtering/encryption capabilities allows them to deliver a product with good baseline rules out of the box and easy optimization through instructive webinars and on-site staff. Digital Guardian excels at accurately identifying PHI through their robust fingerprinting/rules capabilities, though satisfaction is hindered by the timeliness and quality of support staff during and after the initial optimization process.

what is fingerprintingwhich vendors help quickly realize dlp confidence

3. Symantec’s Robust Reports and Alerting Provide Consistently Actionable Insights

Once a DLP system is properly configured to accurately identify PHI, organizations want their solution to deliver timely insights through dashboards, alerts, or email notifications that allow them to take proper action to prevent PHI from leaving. This allows an organization to follow up promptly without hindering clinician workflow. While Symantec rates similarly to other vendors, respondents consistently report that Symantec’s robust reporting and configurable alerts enable them to highlight security vulnerabilities and drill down into incidents when sensitive PHI is at risk. Forcepoint clients are frustrated by having to create their own reports and dashboards, while Microsoft clients share challenges in pulling reports that support their security programs, though feedback is limited.

providing actionable insights

The Bottom Line on Vendors


the bottom line on vendors

 Download Report Brief  Download Full Report

This material is copyrighted. Any organization gaining unauthorized access to this report will be liable to compensate KLAS for the full retail price. Please see the KLAS DATA USE POLICY for information regarding use of this report. © 2021 KLAS Research, LLC. All Rights Reserved. NOTE: Performance scores may change significantly when including newly interviewed provider organizations, especially when added to a smaller sample size like in emerging markets with a small number of live clients. The findings presented are not meant to be conclusive data for an entire client base.