1 Introduction
Information protection has quickly climbed to a high-ranking priority in enterprise security. At one point in time, enterprises hosted most major communication and documentation on-premises, without the complication of multiple devices, insecure communication, and extensive interface with entities outside the organization. This intricate pattern of internal and external interactions is now the reality of daily operations. Users login via mobile devices – private and corporately owned – and are often not on corporate premises as they access corporate information. User access must be managed in order to protected resources, but must be flexible enough to accommodate the extensive sharing of protected information. Perimeter protection is no longer adequate, leading to the release of many enterprise information protection solutions.
While a vulnerability from a security standpoint, storing and sharing business information is an increasingly important aspect of managing a business today. Businesses need to collect more information, they need to analyze more data and they increasingly need to share this information with business partners and customers. This is consistent across all verticals. Maintaining inventory levels requires candid communication with suppliers, and customer relations often depends on securely running a customer identity management system. Protecting enterprise information while still making it available for varied use is therefore paramount.
There are two broad drivers of information protection: intellectual property protection and sensitive information regulation. Intellectual property is increasingly coming under threat. Valuable data must be shared with persons external to the corporation: to lawyers working on patents or to marketing consultants designing new campaigns. Ensuring this information is adequately secured is a major concern for the modern enterprise.
Equally, protecting sensitive information is no longer optional. Sensitive information includes business process information such as sales levels and product availability. It also includes private information such as information maintained on staff, business partners and customers which must be adequately protected in accordance with regulatory requirements in the jurisdictions in which a company operates are met. High-profile regulations such as the GDPR and CCPA are very much in the public eye, and enterprises are under compliance and reputational pressure to expertly handle all personally identifiable information (PII).
A strong solution is one that protects enterprise data with flexible control of data that can accommodate the way that enterprise staff, business partners, and customers prefer to interact. Encryption is often used to protect documents either at the folder level – in which all documents use the same encryption key – or at the file level where individual keys can be assigned on a per document basis. Document repositories can be held on premise or increasingly reside in cloud storage.
Key challenges that drive the need for enterprise information protection solutions are:
- The “post-perimeter” age of security means that every interface with enterprise data is a potential attack vector
- Enterprises are increasingly collaborating with external partners and must share sensitive information
- Data protection regulation restricts the type, length of type and reasons for storing data, and requires fine-grain control over all stored data
Fourtunately, the technology required to achieve these protections is readily available. IRM-Prot-On, acquired by Grupo CMC, is a strong choice for enterprise information protection solutions, providing critical security functionality while still enabling enterprises to collaborate with other actors in a protected manner.