Tech Predictions 2009: A more sensible approach to de-risking data loss
This is one that should have happened a while back, given that all the technology pieces are in place and readily available, but fear not, 2009 will be the year for comprehensive information rights management. Yes, I said it.
So what has changed, and why should 2009 be any different?
- Well for one thing, the frequent reports of data loss incidents mean that the corporate world has had to start looking at ways to prevent future mishaps. However, even current initiatives like wholesale corporate data encryption and data loss prevention strategies are not totally fool proof; therefore many organisations are still likely to need a more effective approach towards managing and securing information, especially one that will work even after data is lost or misplaced.
- Secondly, there are signs that ERM vendors are waking up to the key role they have to play in creating the ecosystem of solutions required to tackle data loss issues head-on. For example, some vendors have begun integrating their ERM products with existing Data Loss Prevention systems in order to provide effective control of information, both within and outside the enterprise security perimeter, (i.e. in the Jericho philosophy of deperimeterised security).
- Finally, although ERM is a direct offshoot of media Digital Rights Management (DRM), and provides similar capabilities for content control, it is unlikely to face the same fate as the latter, (see more on this from my DRM blog), for the simple reason that they serve very different markets / needs. A recent study of the ERM market shows a steady increase in awareness and adoption by organisations in various sectors like finance, healthcare and IT consulting among others
.In light of the above, I believe it that we shall start to see more examples of holistic security and information management as a major step towards mitigating the risk of data loss. The solutions, like the problems they solve, are not restricted to one product, channel or strategy; therefore it would most likely be achieved via a combination of components that include: ERM / IRM solutions; DLP systems; enhanced Information Security Policies; and the traditional corporate security and perimeter defence mechanisms.
Note: Originally posted on Capgemini’s Technology blog. You can see the original post, including comments, at: http://www.capgemini.com/technology-blog/2008/11/help_theres_an_architect_in_th.php