Enterprise Information Protection
The perimeter of the corporation has transformed into a much more fluid and permeable boundary than it once was. Sensitive information is now routinely accessed with personal and business devices by employees, and mass remote work further exacerbates this trend. Advanced methods for the protection of sensitive data are necessary. This Leadership Brief is an overview of the role that Enterprise Information Protection solutions play in the current working environment and covers the capabilities that such vendors should provide.
1 Executive Summary
Information protection has quickly climbed to a high-ranking priority in enterprise security. At one point in time, enterprises hosted most of their major communication systems and sensitive documentation and data on-premises, without the complication of multiple devices, insecure communication, and extensive interfaces with entities outside the organization. This intricate pattern of internal and external interactions is now the reality of daily operations. Users login via mobile devices – private and corporately owned – and are often not on corporate premises as they access corporate information. User access must be managed in order to protect resources, but must be flexible enough to accommodate the extensive sharing of protected information. Perimeter protection is no longer adequate, leading to the release of many Enterprise Information Protection (EIP) solutions.
There are multiple trends that impact EIP: the recent mass migration to remote work, the need to manage user access to protected resources, the increasing need to accommodate the sharing protected information, and stringent regulation protecting the private information of individuals.
The market is still heterogeneous, with many vendors offering a variety of solutions to address similar use cases. The major use cases for enterprise information protection include protecting sensitive information in any location, supporting new secure working models, protecting structured and unstructured sensitive data, and facilitate collaboration between internal and external parties.
A strong solution is one that protects enterprise data with flexible control of data that can accommodate the way that enterprise staff, business partners, and customers prefer to interact. Encryption is generally used to protect documents either at the folder level – in which all documents use the same encryption key – or at the file level where individual keys can be assigned on a per document basis. Information classification solutions provide the means to label files and documents with an appropriate term, such as public, internal, confidential, proprietary, and classified. Document repositories can be used to protect information, and can be held on-premises or increasingly in cloud storage. Information protection that facilitates collaboration on documents is well-suited to a rights management solution where an author can determine who may access a document and what they can do with it. It is possible to manage access to documents by explicitly defining the rights of users to edit, save, print, and more. These controls travel with the document and apply on internal infrastructure or cloud environments.
While not covered at length in this Leadership Brief, information disposition is an important aspect to information protection. Sensitive information must be properly disposed of after it is no longer needed, or when the retention limit is reached on a secure repository system.