At KLAS, our mission is to publish research that will benefit healthcare providers. So when Data Loss Prevention (DLP) software surfaced in our 2017 Cybersecurity report as one of the most impactful security technologies, we knew we had to dig deeper.
By the end of 2017, we had interviewed 100 healthcare security professionals about their DLP strategies and published KLAS’ first-ever Data Loss Prevention report. I’d expected to learn a lot from this first dive into the segment, but I hadn’t expected so many surprises.
Surprise #1: Low Adoption
While firewall and antivirus tools keep things like malware and ransomware out of an organization, DLP software is designed to keep PHI and other data in the organization. This can be done in several ways, such as encrypting shared files, filtering emails, locking down storage devices, and identifying high-risk behaviors of end users.
Email filtering/encryption had been third on the list of technologies with greatest impact from our Cybersecurity report, so we knew that most organizations we spoke to would be using that functionality. But even though other DLP functionality had been fourth on that same list, fewer organizations than anticipated had adopted tools across the DLP continuum.
A common theme emerged: Many organizations, particularly small ones, choose to start their DLP journeys by procuring a focused tool — often Proofpoint’s or Zix’s — for strictly email filtering and encryption. Generally, larger organizations or organizations that are able to secure extra resources end up purchasing the rest of the DLP functionality types.
Surprise #2: Multiple Solutions
A couple of vendors — namely Digital Guardian and Symantec — offer comprehensive suites that cover all of the major DLP bases. KLAS expected to see these suites used as one-stop shops for many provider organizations. That brings us to the second surprise, which is that the Digital Guardian and Symantec tools were broadly used in all of the DLP areas but less frequently as one-stop shops.
Apparently, a lot of the organizations that start with an email tool like Proofpoint’s and then expand to a full-suite vendor actually keep the old tool as well as the new functionality. In nearly every other market segment of health IT, the current trend is to let one vendor handle as much as possible and ditch tools from other vendors. But DLP software doesn’t need the same integration as other tools. For most provider organizations using DLP tools from multiple vendors, consolidation isn’t a priority, and redundancy provides extra security layers.
Surprise #3: Poor Support the Deal-Breaker
So if having two DLP tools and some overlap in covered functionality doesn’t bother many providers, what does? According to KLAS’ research, the email filtering/encryption vendors achieve impressive customer loyalty despite their tools’ limited functionality, but several of the other DLP vendors suffer with potential-turnover rates as high as 40 percent. Why? Because their customers aren’t getting adequate support.
Whether it be due to an acquisition (Digital Guardian), high optimization needs (Symantec), an escalation-heavy support structure (Microsoft), or general service issues (Forcepoint), all of the DLP vendors with customers who are eager to leave struggle with support. This could have something to do with DLP software itself; many of the tools require extensive fine-tuning both initially and on an ongoing basis. But no matter the possible excuses, DLP vendors can’t escape the truth that KLAS sees throughout our research: Providers need, above all else, supportive partners and vendor guidance.
More Surprises to Come?
One of the hardest parts of helping create a KLAS report is having to wait to see what happens next in the space. As a relatively new area, DLP is sure to evolve. I hope to see more providers take advantage of the help offered by DLP software and more vendors step up their game in support.