1 Introduction
Protecting corporate information is a must. Not only are there ever-tightening regulations around PII, financial data, and other types of information, but the corporate value of many organizations is based primarily on their information assets. Information has become the crown jewel of organizations.
On the other hand, organizations are facing new challenges in information protection. On the positive side, the way information is shared with business partners and customers and is accessed by increasingly mobile users is changing to support the transformation of business in the Digital Age. On the negative side, organizations are facing ever-increasing cyber-attacks.
The dilemma organizations face today, between the need for easier access and sharing and the need for better protection of information assets, demands better solutions. The market segment for such solutions is Enterprise Information Protection (EIP). Enterprise Information Protection is not a homogeneous market in which all vendors follow one specific approach, but consists of a variety of offerings, each with a different focus. Among these solutions we find Enterprise Rights Management (ERM) with protection of information at rest, in motion, and in use; we find secure data rooms and other approaches for secure file sharing and collaboration; and we find solutions that support both manual and automated classification. Furthermore, there are various add-on solutions, which, e.g., support integration into ERP systems and protection of data exports from these platforms.
In fact, a comprehensive approach to EIP must support both classification and protection of information across the entire lifecycle, and must support a variety of use cases and user groups. Considering the variety of target systems for information, the desktop and mobile devices used to access that information, and the requirements for both user convenience and security, it becomes obvious that a single solution will rarely be able to cover all these requirements.
For classification, we see a need for specific solutions that balance user convenience with the security and compliance requirements that drive this area of EIP. Classification must be easy to use and be as non-intrusive as possible. On the other hand, it must be good enough to deliver a meaningful classification, which particularly ensures that confidential and restricted information is classified correctly.
This becomes even more complex on mobile devices. User expectations of convenience are higher than on any other type of device. Unfortunately, securing information on mobile devices, which are frequently BYOD (Bring Your Own Device) devices or are at least partially used privately, is even more complex than on other devices. Classification and information protection for mobile devices is thus a specific challenge that needs specific solutions targeted at this use case.
To make that challenge even more complex, such solutions must also interoperate with existing ERM solutions and with Enterprise Mobility Management (EMM), if deployed. Classification must integrate well, because user convenience is the key to success.