Amar Jeer

The Cisco Umbrella Replacement That Held Policy Between Every Patient Visit

May 21, 2026
5
 MIN READ
The Cisco Umbrella Replacement That Held Policy Between Every Patient Visit

A home health clinician's morning starts at a kitchen table. She opens the EHR on a corporate laptop tethered to her phone, charts a wound dressing, then drives to a second patient's house and joins their family Wi-Fi long enough to update a medication list. By lunchtime she's at a coffee shop catching up on referrals over open Wi-Fi. By 4pm she's at the office for a team huddle and a final round of charting. That laptop changes networks five or six times in a day, and her organization's IT team needs the policy on the device to hold through every one of those transitions. The Cisco Umbrella replacement the team finally landed on was the first one that did.

Quick read

  • Industry: Healthcare (home health)
  • Replaced: Cisco Umbrella
  • Deployed: dope.SWG

The Security Architect at this SMB home health organization had been managing Cisco Umbrella for a few years. The product had served the early version of the business well enough when more of the work happened from a few central offices. As the field clinician model grew, the cracks showed up. Umbrella's roaming client was supposed to enforce policy off-network. In practice, it would do the right thing on some networks, fail quietly on others, and reset state when the laptop moved between Wi-Fi networks too quickly. Help desk tickets that came back from the field had a pattern: a clinician couldn't reach the EHR after switching networks, and the only way to fix it was to reboot. That isn't a workflow that survives in a HIPAA-regulated environment where charting needs to happen in the patient's home.

Where the search started

The architect spent a few weeks looking at the market. He read the case for replacing Cisco Umbrella in 2026 and the remote work security playbook, both of which named the gap he was experiencing: a roaming client whose policy enforcement depended on reaching a cloud the device couldn't always reach. He needed something that didn't ask the laptop to phone home for permission before applying policy.

The dope.security architecture answered that directly. The on-device proxy holds policy on the laptop. When a clinician swapped networks, the agent kept enforcing. When connectivity dropped for a few minutes between a parking lot and a patient's house, the policy didn't drop with it. The architect built a small pilot of five field clinician laptops and ran it for a couple of weeks before deciding.

What the pilot showed

The pilot showed three things the architect had been hoping for. The first was that the help desk tickets about network-handoff failures stopped on the pilot laptops. The clinicians on the pilot stopped having to reboot to get back into the EHR. The second was that HIPAA-relevant web filtering didn't slow the EHR down at all; clinicians reported no difference in page load times, and a few reported the experience felt slightly faster. The third was visibility. The console showed actual HTTPS traffic categories on those laptops, which Umbrella's DNS-only layer had only ever shown in part.

The architect rolled the rest of the field fleet over in stages. The team kept the agents quiet during a clinician's working day and pushed policy updates during off hours. Clinicians never noticed the cutover.

Why the support matched the customer

Home health organizations don't run security teams the size of large hospital systems. The architect was effectively the security team, and a Cisco Umbrella replacement that came with a Tier 1 ticket queue and an SLA measured in business days wasn't going to fit the way he worked. The dope.security support model paired him with a named engineer who knew his deployment by name. The shared channel had real responses, not auto-replies. When a Windows update on a clinician's laptop interacted oddly with the agent during the rollout, the engineer on the other end was triaging it inside the hour, and the fix was queued the same day. That hands-on, follow-the-sun motion was the part the architect quoted most when he briefed his director.

The 24/7 white glove global support team mattered for one specific reason in home health: the architect couldn't always be at a desk. When he was driving to a clinical site to set up a new laptop, he needed support that could move without him in the room. dope.security worked that way.

"We change networks five times in a day. The previous tool changed personalities five times in a day. dope just stayed on."

- Security Architect, an SMB healthcare organization

The architect drew further support strategy from the remote and hybrid workforce playbook to formalize how policy would behave on field-issued devices.

What changed in practice

  • Network-handoff help desk tickets on field clinician laptops dropped to near zero.
  • HTTPS inspection coverage replaced DNS-only categorization, which closed the gap on encrypted phishing and malware pages.
  • Clinicians stopped rebooting to recover EHR access after switching networks.
  • The architect spent measurably less of his week on roaming-client failures and reclaimed time for HIPAA-policy work that had been backlogged.
  • The renewal motion that had been a yearly source of friction became a non-event.

FAQ

Q: How does on-device policy hold through network changes?

The agent stores and enforces policy locally on the laptop. When the device switches networks, the agent doesn't need to reach a cloud to re-establish policy because the policy is already where the traffic happens. The handoff is invisible to the user.

Q: Does the on-device proxy slow down EHR access?

The home health team didn't see a measurable slowdown in EHR page loads. The traffic path stays local rather than hairpinning to a regional inspection cloud, which is part of why some clinicians described the experience as marginally faster.

Q: Did the team have to redesign the network to deploy dope.SWG?

No. The deployment is at the endpoint, so the team didn't need new network appliances at clinics or new tunnels at the central office. The agent rolled out through the same MDM workflow that managed the rest of the laptop image.

About dope.security

dope.security, the Distributed On-device Proxy Endpoint, is the preferred security vendor for security leaders across SMBs, midsize enterprises, Fortune 500 companies, and the world's top VC and PE firms. Deployed in 83 countries, dope.security protects web, data, and AI traffic globally through its patented fly-direct architecture.

Customer Stories
Customer Stories
Case Studies
Case Studies
Healthcare
Healthcare
Secure Web Gateway
Secure Web Gateway
Remote Work Security
Remote Work Security
back to blog Home

Related Posts

Jun 15, 2026
8
 MIN READ

Zscaler vs. Netskope: Which SSE Platform Is Actually Right for Your Team?

Jun 15, 2026
9
 MIN READ

Remote Access Security in 2026: Why Backhauling to a Data Center Is the Wrong Default

Jun 15, 2026
9
 MIN READ

Cisco Umbrella and Encrypted Client Hello: The DNS Blind Spot Coming in 2026

Check
Dope Security logo - links to the home page.
It’s not that we’re mad at yesterday’s cybersecurity.  Just disappointed.  So we made it better.  We made it easier.

We made it dope.
sales@dope.security
Call Us
about
Our Story
Our Crew
Newsroom
Events
Partners
compare
Forcepoint
Zscaler
Cisco Umbrella
Netskope
Testimonials
documentation
Support
User Manual
[ DOPE.FOOTER ]
© 2026 dope.security Inc.
Made with
in California
EULAPRIVACYLEGALmanage cookies