Enterprise Rights Management: Ready For Prime Time?

Earlier this week, Forrester Research published my Market Overview: Enterprise Rights Management report. Brian Hill and I examined eight vendors in the enterprise rights management (ERM) space: Adobe, Microsoft, GigaTrust, Liquid Machines, NextLabs, Oracle, EMC, and Covertix. We found that the space is evolving to become less of a standalone market. From the report:

Because ERM allows data to protect itself via encryption, it is theoretically the perfect security technology for a world where the “dissolving perimeter” is an established fact. But historically, most enterprises don’t use ERM on an enterprisewide basis and do not use it to protect documents shared outside company boundaries. High cost, application rigidity, and integration shortcomings have limited market adoption. Forrester expects that ERM’s appeal will widen in the future. Integration with data leak prevention technology, content management infrastructure, and other risk mitigation solutions will drive adoption growth, particularly as enterprises roll out the latest versions of Microsoft Exchange and SharePoint.

A key idea in the report is that ERM becomes an “enforcement mechanism” for content-filtering platforms like DLP. Of course, the ERM vendors I’ve spoken with mostly hate the idea that their products might become mere enforcement appendages of, well, an arriviste technology like DLP. But this is clearly a case where, like peanut butter and chocolate, two things that taste great, taste better together. Enterprises will, in the fullness of time, be able to (1) use their DLP tools to detect transmissions of, or find stored copies of, sensitive information; and then (2) apply their choice of protection technologies to enforce their confidentiality and integrity goals. Sometimes the right choice will be encryption; other times, ERM will be a better. One of the vendors we profiled, NextLabs, already combines DLP and ERM in a single product, and we think this is an idea whose time has come.

Shortly after this report was published, Peter Abatan at Enterprise Rights Management Info asked to review our report. His review is here, and I recommend you read it. In his review Peter asks why we chose to exclude two vendors he knows that have been active in the Asia Pacific area, Fasoo and Seclore. The simple answer is that (1) neither vendor has substantial market presence in the key US and European markets we follow closely, and (2) more practically, Brian and I decided early on to cap the number of participants at eight. That said, I have spoken with both companies recently, and we will be watching them more closely going forward.

Breaking news: as I was putting this post together, a press release announcing Check Point’s acquisition of Liquid Machines crossed my desk. The Forrester take is that Check Point’s acquisition of Liquid Machines validates our basic thesis about the ERM market’s evolution. The acquisition is good news for Liquid Machines, their investors, and their customers, and ensures the technology will live on. Although the company is not large by revenue, we felt that they had strong technology that is well suited to the needs of large enterprises. We gave them the “full shaded circle” (our highest rating) in more categories than any other vendor. Liquid Machines gives Check Point an important new data protection technology alongside their existing file encryption tools. What Check Point does not have, at this point, is a full-stack, enterprise-grade DLP product that spans endpoint, perimeter and data center (although it does have a DLP product that addresses data in motion). That said, I think we can safely predict that we will see more coming from Check Point on the DLP front, particularly as it adds more enterprise features like inventory (misleadingly called “discovery” by most vendors) and integrates Liquid Machines’ ERM as an alternative enforcement mechanism.


Pity you didin't think to

Pity you didin't think to include in you review the one vendor that consistently beat Liquid Machines in SC Magazine reviews. I wonder why? (I can think of a few reasons.)

Clarification please?

Peter, we're always interested in hearing about interesting solutions. If you think we missed an important vendor, please let us know and we will consider them for next time.

I don't know the vendor you are referring to, but I can guess. I just did a quick search of SC Magazine's US website. It showed only one group test in the "DRM" category from late in 2008. One vendor, Avoco Secure, got 5-star ratings in all five categories. Liquid Machines got 5 stars in all but one category. I'm not sure I'd call this one group test evidence of "consistently beating," and a single-star gap doesn't really suggest that either. But that aside, I'll keep my eye on them in the future for consideration then next time we do a report on ERM.

As for the reasons why Avoco Secure (or some other un-named vendor) was excluded: there are three, and they are all real simple. (1) I'd never heard of them before in my five years as an analyst. (2) My enterprise customers have never mentioned them either. (3) None of the eight vendors in the report (and two others that weren't) ever mentioned Avoco Secure as a competitor. It's not more complicated than that.

Rounding out the endpoint security picture

As a former Liquid Machines employee who has made the transition to Check Point as part of the acquisition, it is exciting to see the end point security area evolving. I think the combination certainly has good potential and eventually, rights management will become a critical component of any endpoint protection strategy.

My best wishes to all of you in the ERM space!

Clarification please?

Maybe you just aren't doing your job very well as an analyst Andrew? Surely, technology analysis should be more than just letting other people tell you about companies, maybe you should actively investigate the area you are analysing instead of letting other people do it for you - for example, I entered enterprise rights management into Google and Avoco Secure were on the 3rd page, just above Liquid Machines. Not that hard really?
Might bring real value to the companies you work for and make your name as someone who goes that little extra mile?
Hoping you won't get upset with a little criticism.

Hi Julie, thanks for your

Hi Julie, thanks for your comment.

We do our best when selecting vendors for these market overviews. Clearly, with 8 spots in this particular report, it was impossible to include every vendor -- and the ERM space is very crowded.

Sorry we didn't include your favorite vendor. If you are an enterprise customer who is using Avoco Secure, feel free to e-mail me. I'd enjoy hearing about your experiences with the product.