Large Managed Healthcare Provider
Despite spending more than $1M per year on HIPAA compliance training, an internal audit at one of the largest managed healthcare providers in North America identified a significant risk of non-compliance. The company’s auditors recommended stricter controls, both on and off the corporate network.
The organization had strong network defenses, but also many mobile users. A Virtual Private Network (VPN) was in place, but users were not diligent in using it. Enforcing controls on users who were not connected to the network was impossible. The training program failed because it was a specific event rather than an ongoing process. When people used data, their focus was on the task, not on the training from months ago.
Guarantee that all traffic flows through their network to take advantage of their investment in infrastructure security.
Block all data egress for users disconnected from the corporate network.
Prevent the use of multiple network adapters used to bypass corporate controls.
Educate users on corporate policies in real time to influence behavior and reinforce training.
Digital Guardian was the only solution that could provide real-time policy application based on network awareness, enforce connections through the company’s VPN and prompt users who might otherwise violate appropriate use policies. Digital Guardian personnel worked with this client to structure policies supporting its requirements in the Digital Guardian Management Console. Digital Guardian endpoint agents, operating at the kernel level, enforced these policies on and off the network.
After deploying Digital Guardian, the customer could monitor all data movement, enforce the use of the company’s VPN for remote users, block multiple network adapters and communicate company requirements to users attempting to violate policies. In the first six months of use, they reported an 85% decrease in prompts to users, indicating a significant increase in policy awareness and secure employee behavior.