ERM: The forgotten data security space
The DLP guys found a goldmine while ERM companies faded away, but there are a few ironies in this victory.
With information technology, you can look at problems and solutions in lots of different ways. For end users and academics, this can lead to a lot of experimentation, skunk works projects, and trial-and-error. But that is not the case when it comes to technology vendors. Start-ups also see lots of ways to solve problems, but they are bound by business plans, directors, and funding to pick their battles and build focused solutions. Some make the right choice and get lucky, some don't.
As an example, I offer two different solution types for data security: Data Loss Prevention (DLP) and Enterprise Rights Management (ERM). These two segments are focused on protecting confidential and private data but each took a bit of a different approach. At a high level, DLP solutions sort of assume that you don't know where your confidential data is or what people are doing with it so you need some way to prevent bad things from happening. Alternatively, ERM assumes that you do know where the data is and what people should be doing with it so you need automated tools for policy enforcement.
These two related product segments have had vastly different fortunes. DLP became the toast of the town with a number of visible acquisitions. Port Authority was scooped up by Websense, EMC grabbed Tablus, and Symantec purchased Vontu. Others like Orchestria and Vericept continue to do well as independent companies. ERM players didn't fair quite as well, however. Companies like Authentica and Sealed Media were purchased at discounted prices while others simply shut their doors.
DLP initially proved to be a better financial bet, but ultimately there are a few ironies in this victory:
Ironic point No. 1: DLP vendors are now adding ERM-like functionality like data usage policy enforcement into their products. I guess this means that as users get a better understanding about their data and how people use it, they realize that they need better ways to control these activities.
Ironic point No. 2: ERM vendors like Adobe Systems, Liquid Machines, and Microsoft that were able to ride out the market storm are now in high demand. Users finally recognize the value here.
Like comedy, timing is everything when it comes to technology start-ups. Believe me, I learned this lesson first-hand. The DLP guys found a goldmine while ERM companies faded away. What's old is new again, however. ERM, as an adjunct to DLP or as a standalone security suite, will ultimately benefit users and investors alike.