People often ask me: What are the top considerations I should have in mind when I’m looking to invest in Enterprise Rights Management?  Here is my current list of top considerations based on what is happening in this space right now.

  1. Connectivity: Does it easily connect with your existing systems?   Here’s why connectivity matters.  If you can easily add ERM to your existing DLP, ECM, EFSS, and ERP systems, then you can automatically protect files as they are shared, discovered and downloaded.  Automation is crucial to adoption of ERM and connectivity is the answer to automation.  See how many pre-built connectors the vendor has in their library and check out the APIs.
  2. Breadth of Coverage: Can you protect any type of file?  Can you utilize any device/OS to (first) protect files and then (second), to access and utilize protected files?   Any limits in the coverage of file types and devices will limit your ability to close the security gap.
  3. Native Application Support: One of the big values of ERM is the ability to protect data ‘at work.’ So a great question to ask is can the ERM system utilize protected documents within native applications?  Some systems require that you use non-native viewers to utilize a protected file.  Extra software will hamper adoption.
  4. Ease-of-Use for Employees: Is the ERM system easy for your employees to use?

There are many aspects to ease of use but a few key aspects are ensuring your employees can easily onboard new recipients, that they have flexible and easy protection methods (think very few clicks), and that they can protect any type of file.

  1. Ease-of-Use for External Users: Securing external collaboration is an essential value for ERM.  So find out if the ERM system works well for sharing protected files with external users.  What that takes is robust identity federation and browser less access of protected files.
  2. Ease-of-Use for Information Security: You want to make sure the ERM system doesn’t add to the effort to define and manage policies.  Make sure the ERM system has robust Policy Federation so that you can seamlessly leverage access policies already defined in existing systems.
  3. Proven & Scalable: Is the system proven?  Is it scalable?  Can you deploy the solution on premise and in the Cloud?  Can you leverage multiple repositories? Have they deployed the solution across thousands of users in multiple global locations?  These are the questions you want to ask.
  4. Vendor Focus: Is the vendor devoting their R & D to ERM or is it just one product in their line of offerings?  Did they build the product on top of another system, or acquire it and add it to their offering?  You typically find that a vendor who has full control over the entire solution and who is focused on ERM will have superior solutions and greater investment in future ERM innovations.