So far, we have been concerned with tools that manage security and move information around. This category addresses the data itself. Data is, after all, the reason we implement security in the first place. Protecting the infrastructure and protecting the data both are necessary to ensure that our valuable information is not compromised.

In this category, we look at securing email, encrypting data and keeping our information where it belongs – under our con­trol. In this group, we have one old friend and two new ones. Argu­ably, the most important subcat­egory is encryption, but there is an interesting twist to the email security subgroup. As you will read, email security executes its purpose by protecting the email itself.

Encryption comes with new challenges. It's not just scrambling data so that it cannot be read by unauthorized users. Today, the biggest challenge continues to be getting people to use encryption. That, as we will see, is not a trivial challenge.
Keeping your business your business is, really, an emerging category, but it promises to be one of the biggest drivers of security over the next year to 18 months. Data leakage or extrusion – whichever you prefer – may do its job in a variety of ways, but the bottom line is: If your data is leaving your environment you should, at least, know about it.

All three of these subcategories are, of course, impacted by the challenges we have been discuss­ing: cloud computing, SaaS and
virtualization. But the increasing complexity of the enterprise, characterized largely by the diminishing presence of a clearly defined perimeter, is likely the number one challenge that we see when trying to protect our data at rest.

Each of our innovators this year has a different view of security of data at rest, and each sees the challenges a bit differently. However, on one thing they all agree: If all else fails when securing the enterprise, your only fallback position is protecting the information itself. Doing that is, arguably, the most important security func­tion in the enterprise.

In fact, over the years there have been many pundits who have insisted that we could get rid of all security functionality if we only encrypted, pervasively and reliably, all applications and data. I'm not ready to go as far as that, but I do agree that if it is not job number one, protecting the information itself is pretty close.