In today’s data-driven world, organizations face increasing pressure to meet stringent compliance requirements and data sovereignty regulations. This is particularly true in highly regulated industries like healthcare, where the stakes are high, and the risks of non-compliance can lead to significant fines, reputational damage, and even threats to patient safety. In this article, we’ll take a closer look at how Broadcom partner Novacoast successfully navigated a U.S. healthcare organization through these challenges.
The Challenge: Data Visibility and Compliance in Healthcare
Healthcare organizations are entrusted with vast amounts of sensitive data, including patient information, billing records, and employee details. With approximately 400,000 employees, a Minnesota-based healthcare customer faced a monumental challenge managing sensitive data. While the organization was using Symantec Data Loss Prevention (DLP), it needed a more automated, streamlined approach to manage the data.
With hundreds of thousands of endpoints, the organization faced "millions of findings" from its DLP scans. Sensitive data, such as billing information, customer service records, and employee personally identifiable information (PII), was scattered across local machines, creating an overwhelming backlog for the security team. The manual process for resolving these findings was both inefficient and frustrating for all parties involved.
“Security teams would identify violations and reach out to individual users with lists of files that violated DLP policies, asking them to either delete unnecessary files or move required files to secure file shares. However, by the time security personnel contacted users—often days, weeks, or months later—many files had been moved, renamed, or deleted through normal business operations, leaving the security team ‘chasing ghosts’ when they tried to help remediate the issues,” explained Novacoast CSO Jonathan Poon.
The Solution: A Custom Application Built on Broadcom’s Symantec DLP API
Leveraging Broadcom’s Symantec DLP API, Novacoast developed a custom Windows application that automated the remediation process for sensitive data findings. The application was designed to be user-friendly, enabling employees to address violations incrementally without feeling overwhelmed.
The solution worked by programmatically pulling down DLP tickets for specific machines and presenting users with actionable options. For example, users could identify whether they still needed certain files, delete unnecessary files, or move sensitive data to more secure, centralized locations. The application also provided default justifications for common scenarios and streamlined the process of relocating files to designated secure shares based on the user’s role and the type of data involved.
“The initial development of the tool took approximately three to four months, followed by a carefully phased rollout over multiple months. The application addressed several complex technical challenges, including handling shared machines where multiple users could access the same endpoint, requiring unique identification based on both username and hostname combinations,” said Poon.
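A sketch of the remediation workflow described above, added here as an illustration and not Novacoast's code: the Symantec DLP API call is replaced by a constructed list of findings, and the role-to-secure-share mapping is hypothetical. It keys findings by hostname and username so shared machines are handled per user, and flags findings whose file is already gone, the "chasing ghosts" case Poon describes.

```python
import tempfile
from dataclasses import dataclass
from pathlib import Path

@dataclass(frozen=True)
class Finding:
    """One DLP incident as pulled for an endpoint (constructed shape, not the real API schema)."""
    incident_id: int
    username: str
    hostname: str
    path: str
    data_type: str  # e.g. "PII" or "BILLING"

# Hypothetical (role, data type) -> secure share mapping, assumed for this example.
SECURE_SHARES = {
    ("finance", "BILLING"): "//corp/secure/finance",
    ("hr", "PII"): "//corp/secure/hr",
}

def triage(finding, role):
    """Pick the option to offer the user for one finding.
    'stale': the file was already moved, renamed or deleted (the 'chasing ghosts' case),
    'move': propose the secure share for this role and data type, 'review': needs a justification."""
    if not Path(finding.path).is_file():
        return ("stale", None)
    dest = SECURE_SHARES.get((role, finding.data_type))
    return ("move", dest) if dest else ("review", None)

def build_worklist(findings, roles):
    """Group findings by (hostname, username) so shared machines are handled per user,
    and attach the triage result to each incident."""
    worklist = {}
    for f in findings:
        key = (f.hostname, f.username)
        action, dest = triage(f, roles.get(f.username, "unknown"))
        worklist.setdefault(key, []).append((f.incident_id, action, dest))
    return worklist

def demo():
    """Constructed run: one file still present, one already gone, two users on the same host."""
    tmp = Path(tempfile.mkdtemp())
    present = tmp / "invoices.xlsx"
    present.write_text("constructed sample content")
    findings = [
        Finding(1, "alice", "WS-01", str(present), "BILLING"),
        Finding(2, "alice", "WS-01", str(tmp / "old_export.csv"), "PII"),  # never created: stale
        Finding(3, "bob", "WS-01", str(present), "BILLING"),  # same host, different user
    ]
    return build_worklist(findings, {"alice": "finance", "bob": "marketing"})
```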
Key Benefits of the Solution
- Improved Data Visibility and Control: The custom application provided the organization with much-needed visibility into where sensitive data was stored, enabling them to take proactive measures to secure it.
- Enhanced Compliance: By systematically addressing DLP findings, the organization met regulatory requirements to secure sensitive data and maintain proper controls.
- Reduced Operational Burden: Automating the remediation process significantly reduced the workload for the security team, allowing them to focus on higher-priority tasks.
- User-Friendly Design: The application’s batch processing and intuitive interface ensured that end-users could participate in the cleanup process without feeling overwhelmed.
The Role of Broadcom’s API-Driven Approach
By leveraging Broadcom’s Symantec DLP API, Novacoast delivered a customized solution that addressed the healthcare organization’s data visibility and security challenges, enabling them to meet regulatory requirements and reduce their risk exposure. As Poon noted, “Symantec did well by putting APIs in all of their products because large enterprises often have unique use cases.” This flexibility allowed Novacoast to tailor the DLP solution to the healthcare organization’s specific needs, demonstrating the power of API-first architectures in addressing complex enterprise challenges.
Data Sovereignty and Compliance: A Broader Perspective
In addition to helping organizations meet compliance regulations, Broadcom partners play an important role in meeting data sovereignty requirements. For example, in Europe, data sovereignty regulations mandate that sensitive data must be stored and managed within the region to ensure compliance with laws like the General Data Protection Regulation (GDPR).
Benjamin Hünemeyer, Managing Director at ITQ, another Broadcom partner, emphasized the importance of meeting those data sovereignty requirements in his work with a German software provider. “It was highly important for them to ensure that data is only stored in Europe and managed exclusively by European employees,” Hünemeyer explained. By leveraging VMware Cloud Foundation (VCF), the organization was able to maintain full control over data encryption, storage, and management, ensuring compliance with European regulations.
Data sovereignty concerns have also driven the adoption of private cloud solutions, which offer the flexibility of public cloud environments while providing greater control over data security. Francisco Perez van der Oord, founder and president of ITQ, highlighted this trend, stating, “Private clouds provide competitive moats. It gives you all the flexibility that a public cloud would give you, but then in a private sense.” For organizations that handle sensitive data, private clouds offer a compelling way to meet both compliance and operational needs.
The High Impact of Partner-led Services
As Broadcom continues to focus on creating innovative technologies, its partner-led services approach is delivering high impact to customers, whether it’s enabling data sovereignty in Europe or managing sensitive data in healthcare. As the regulatory landscape continues to evolve throughout the world, our partners have the regional knowledge, deep technical expertise, and passion for customer service to provide measurable value for years to come.
