Topic: Data Security
Enterprises have a lot to protect and layered 'defense in depth' is the best way to do it
Blog: Get Out the Bug Spray: September is the Month of Bugs
White Paper: Data Security — The Foundation for Compliance and Reduction of Compliance Spend
Debunking the Myth of Disk Encryption: This technology brief takes a look at some of the misconceptions about encryption, and explains that encryption should not be solely relied on for security, but should be part of an entire package of centrally-managed protection.
Should You Install Messaging Security Software on Your Exchange Server?: This white paper discusses the detailed results of an Osterman Research survey on messaging security software and conclusions about administrators' attitudes regarding installing third-party software on the Exchange server.

Disaster recovery and business continuation that includes encryption, all at a manageable TCO.
IT Security Manual Template: Updated for 2010 Threats! Immediately download a customizable set of documents and templates that covers every aspect of IT Security. These templates are compliant with ISO27000, HIPAA and Sarbanes-Oxley standards.
Securing Your IT Environment: This research-driven best practices guide steps you through the entire process of securing your network and other elements of your IT environment.
Mike,
Your blog post is right on target, and Mr. Reich of Varonis has portrayed one very important part of document assurance appropriately, and that is classification and end-user responsibility to the assurance equation!
I'd like to introduce to you the "InDorse approach" which we have worked to pioneer since 2006: the convergence of document inventory, usage, policy, and enforcement - this all done automatically, transparently, and unobtrusively. An approach such as this ensures that company data, especially the sensitive one whose definition changes with time, are used in an appropriate manner while end-users leverage the productivity advantages of Web/Enterprise 2.0. Our customers have used our solutions to assure not only documents, spreadsheets, presentations, but also multimedia and CAD drawings - with no end-user retraining or extra hoops to remember through which to jump.
What is key for the majority of today's companies is to not retrain their knowledge workers and those of their partners. As more of their IT moves towards Web/Enterprise 2.0 using SharePoint, for example, more and more sensitive documents become scattered about multiple endpoints and unauthorized users, thus introducing risks of data loss - either accidental or malicious. The more "traditional" DLP solutions require users to "do" or install something extra or be stopped from using certain Web 2.0 tools to complete their work. Users are fairly predictable and creative - put in extra, non-functional steps to completing their tasks, and a rewarding bet would be they would find ways around it, thus defeating the assurance measures in the first place.
A balance needs to be struck, and that would be to give the organization the ability to provide more and more Web/Enterprise 2.0 facilities to complete work on sensitive data while not requiring users to "remember" to do something to ensure the security assurance. I term this as "tuning security to convenience to governance."
We at InDorse with our customers have titrated those basic facilities into our signature calling card: real-time file inventory across all file repositories; classification on usage, content, context, and location; real-time policy determination; real-time policy enforcement coordinated with the right DRM engine; embed both visible and invisible company tags into the file; and real-time monitoring of file usage no matter where the file travels sans endpoint software installation. Once the files are used, the organization knows the "411" on tagged files in a manner like Google Analytics reports on web site usage. Some "InDorsed" files have "911" capabilities, that is, "pull" entitlements when the context would not allow it. This is the InDorse "context assurance advantage," and boils down to enabling users to get their job done while assuring security and risk mitigation for their companies. With company boundaries moving beyond the traditional four walls or VPN perimeter, "context assurance advantage" enables Internet technologies to remain ever-increasing productivity tools while assuring company policies are met - anywhere and anytime "on the Internet."
I believe 2010 will be the year of context-oriented document assurance as the next wave of DLP, as portrayed by Forrester, The 451 Group, The Burton Group, and EMA.
Happy New Year, and I look forward to more of your blog posts.
Kind regards,
Rob