Earlier this week, Forrester Research published my Market Overview: Enterprise Rights Management report. Brian Hill and I examined eight vendors in the enterprise rights management (ERM) space: Adobe, Microsoft, GigaTrust, Liquid Machines, NextLabs, Oracle, EMC, and Covertix. We found that the space is evolving to become less of a standalone market. From the report:
Because ERM allows data to protect itself via encryption, it is theoretically the perfect security technology for a world where the “dissolving perimeter” is an established fact. But historically, most enterprises don’t use ERM on an enterprisewide basis and do not use it to protect documents shared outside company boundaries. High cost, application rigidity, and integration shortcomings have limited market adoption. Forrester expects that ERM’s appeal will widen in the future. Integration with data leak prevention technology, content management infrastructure, and other risk mitigation solutions will drive adoption growth, particularly as enterprises roll out the latest versions of Microsoft Exchange and SharePoint.
A key idea in the report is that ERM becomes an “enforcement mechanism” for content-filtering platforms like DLP. Of course, the ERM vendors I’ve spoken with mostly hate the idea that their products might become mere enforcement appendages of, well, an arriviste technology like DLP. But this is clearly a case where, like peanut butter and chocolate, two things that taste great, taste better together. Enterprises will, in the fullness of time, be able to (1) use their DLP tools to detect transmissions of, or find stored copies of, sensitive information; and then (2) apply their choice of protection technologies to enforce their confidentiality and integrity goals. Sometimes the right choice will be encryption; other times, ERM will be a better. One of the vendors we profiled, NextLabs, already combines DLP and ERM in a single product, and we think this is an idea whose time has come.
Shortly after this report was published, Peter Abatan at Enterprise Rights Management Info asked to review our report. His review is here, and I recommend you read it. In his review Peter asks why we chose to exclude two vendors he knows that have been active in the Asia Pacific area, Fasoo and Seclore. The simple answer is that (1) neither vendor has substantial market presence in the key US and European markets we follow closely, and (2) more practically, Brian and I decided early on to cap the number of participants at eight. That said, I have spoken with both companies recently, and we will be watching them more closely going forward.
Breaking news: as I was putting this post together, a press release announcing Check Point’s acquisition of Liquid Machines crossed my desk. The Forrester take is that Check Point’s acquisition of Liquid Machines validates our basic thesis about the ERM market’s evolution. The acquisition is good news for Liquid Machines, their investors, and their customers, and ensures the technology will live on. Although the company is not large by revenue, we felt that they had strong technology that is well suited to the needs of large enterprises. We gave them the “full shaded circle” (our highest rating) in more categories than any other vendor. Liquid Machines gives Check Point an important new data protection technology alongside their existing file encryption tools. What Check Point does not have, at this point, is a full-stack, enterprise-grade DLP product that spans endpoint, perimeter and data center (although it does have a DLP product that addresses data in motion). That said, I think we can safely predict that we will see more coming from Check Point on the DLP front, particularly as it adds more enterprise features like inventory (misleadingly called “discovery” by most vendors) and integrates Liquid Machines’ ERM as an alternative enforcement mechanism.