HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Zoho Vault Review

There are some Zoho Vault reviews that give this password manager high marks for the rich security feature set and there are others that dock marks for application inconsistencies. Our Zoho Vault review balances security, usability, and cost to determine whether this password manager is an acceptable security solution for businesses required to comply with the HIPAA Security Rule.

Many password manager reviews are subjective inasmuch as the author of the review has a particular use in mind. For example, some reviewers analyze the password manager's capabilities from a business perspective, while others take into account the user experience – but often from an individual's user experience that includes the registration, set-up, and management processes.

This Zoho Vault review is also subjective inasmuch as it considers the role the password manager can play in HIPAA compliance while also considering the user experience without the registration, set-up, and management processes. This is because the most common use case in a regulated environment is to protect corporate accounts and databases – and the information stored within them.

The user experience is still important because, if it is poor, users will find ways to circumvent the password manager. However, most businesses required to comply with the HIPAA Security Rule have a Security Office responsible for the technicalities of registration, set-up, and management. They are also responsible for ensuring the password manager is used compliantly.

Vault Password Managers and Zoho Vault

As the name suggests, Zoho Vault is a password manager that enables users to store passwords and other credentials in cloud vaults. Because the vaults are located in the cloud, stored passwords, card details, addresses, and other data can be accessed from any device using any operating system via the Internet or through a selection of mobile, desktop, and browser apps.

The benefit of a vault password manager is that users only have to remember one password – the master password to log into the vault. The master password also acts as an encryption key to encrypt data inside the vault so that if the software supplier – in this case Zoho Vault – is ever hacked, the hacker will not be able to use any data extracted during the breach.

Vault password managers enable users to create unique, complex passwords for each account to reduce the risk of accounts being hacked via brute force attacks. They can also be used to securely share credentials between users to prevent passwords included in insecure communications (SMS, email, etc.) from being intercepted in man-in-the-middle attacks.

With regard to Zoho Vault, the password manager is part of the Zoho Suite. It can be subscribed to separately or as part of a package that includes collaboration, productivity, marketing, and security tools. Subscriptions can be paid monthly or annually – which attracts a discount – and the prices quoted in this Zoho Vault review reflect the annual cost of a standalone subscription.

The Zoho Vault Subscription Plans

Zoho Vault offers a choice of four plans starting with a free point of entry. The “Free Forever” plan is possibly the best on the market – containing features such as a password policy engine, password tracking, two-step login, and a password assessment report that you would usually only find in a premium plan. Unfortunately, it is only suitable for personal users rather than businesses.

The “Standard Plan” ($10.80 per user per year) can be subscribed to individually, or accounts can be linked to facilitate user provisioning, roles, and management via centralized admin controls. This plan includes automated cloud backup, a policy engine that can restrict user access by IP address, and integration with G Suite and Office 365. You can also access credentials offline.

Zoho Vault's most popular plan is the “Professional Plan” ($54.00 per user per year) which includes everything in the Standard Plan plus the capabilities to create user groups, share folders, and pull user access and activity reports (a requirement for compliance with the Security Rule). This plan also supports webhook and CLI integration to extend the capabilities of the password manager.

At the top end of the scale, the “Enterprise Plan” ($86.40 per user per year) includes the rich security feature set often responsible for high-rated Zoho Vault reviews. The feature set includes integrations with Active Directory, OneLogin, and Okta, SSO for cloud apps, and request-release password access controls. You can also configure Zoho Vault to generate alerts for different types of password events.

The Suitability of Zoho Vault for HIPAA Compliance

The suitability of Zoho Vault for HIPAA compliance depends on what the password manager will be used for. If a business is not going to store or share Protected Health Information via the password manager, any of the paid-for subscription plans would be suitable. If Protected Health Information is going to be shared, it would be necessary to subscribe to a Professional or Enterprise plan.

(Note: Zoho Vault will enter into a Business Associate Agreement with HIPAA Covered Entities and Business Associates).

However, subscribing to any plan does not ensure HIPAA compliance because compliance depends on the actions of users, and this is where issues can manifest. Although Zoho Vault has an extremely friendly user interface to support the ease of adoption, ongoing adoption may be hindered by issues with application inconsistencies such as certain apps failing to capture passwords or autofill forms.

If your workforce can cope with the occasional glitch, the cost of Zoho Vault compares well with most other password managers – but not all. For example, Zoho Vault's Enterprise Plan is much cheaper than comparable plans offered by Dashlane, 1Password, Keeper, and NordPass, but $26.40 more expensive per user than Bitwarden, which is a significant cost difference for a large business.

To conclude our Zoho Vault review, we recommend that businesses required to comply with the HIPAA Security Rule include Zoho Vault in their considerations, take advantage of the free trial, and evaluate the password manager alongside other security solutions to see whether application inconsistencies affect the workforce and whether the rich security feature set justifies the cost.