Last updated: April 16, 2026
Fortra offers four solutions that together form a file-to-policy protection chain. Titus labels at creation in Outlook, Office and SAP GUI. Boldon James discovers and labels the existing backlog on file shares, SharePoint and OneDrive. Clearswift inspects content on the mail and web gateway and removes only the risky element. Vera wraps the file in a container with persistent rights management. Which one you pick depends on where your classification problem first becomes visible and which follow-up risk you want to cover.
Pick Titus if your primary problem is the daily stream of new emails and Office documents that leave your organisation unlabelled. Creator-driven labels at the front, readable by any DLP and CASB.
Pick Boldon James if you first want to know which sensitive data you already hold on file servers, SharePoint, OneDrive and endpoints. Discovery, 300+ data types, automatic labelling on the existing backlog.
Pick Clearswift if your email gateway blocks too much legitimate communication or detects too few inbound threats. Deep content inspection that redacts at element level instead of stopping the entire message.
Pick Vera if your confidential data regularly leaves your tenant towards external parties. Persistent rights management with revocable access, even after the file has been sent.
Dutch organisations often deploy two or three at once. The order depends on where the heaviest risk first became visible: a DPIA finding, a NIS2 audit, a merger or a DLP false-positive crisis. This page ranks the four by deployment moment.
Titus Data Classification Suite is a plug-in for Outlook, Word, Excel, PowerPoint and SAP GUI that lets the user choose a sensitivity label on send or save. A locally trained ML model proposes a label based on content, recipients and context. The user accepts, adjusts or escalates. The label is written as a custom property in OOXML and as an X-header on SMTP, and is therefore readable by any downstream DLP or CASB. Titus blocks nothing on its own; it produces the context on which other layers act. See the full Titus deep dive.
Boldon James Classifier is a discovery and auto-classification platform that scans file servers, SharePoint, OneDrive, Exchange and endpoints. It recognises 300+ data types, from BSN and IBAN to medical records and contract clauses, and labels automatically based on rules and ML. Result: the backlog of unlabelled historic files becomes machine readable in weeks, not months. Boldon James shares schema and metadata with Titus, so administrators maintain one schema. See the full Boldon James deep dive.
Clearswift SECURE Gateway is a content inspection engine that analyses outbound and inbound traffic in real time on the mail gateway, web proxy and ICAP layer. The MIMEsweeper engine reads Titus and Purview labels, parses attachments down to element level and redacts or strips only what is sensitive, without blocking the entire message. On inbound it removes macros, revision history and hidden metadata from Office and PDF attachments. See the full Clearswift deep dive.
Vera by Fortra is persistent rights management. It wraps a file in an encrypted container that keeps the original extension, but on open enforces authentication and rights. You decide per user who may read, edit, print or forward, and you can revoke those rights at any moment, including after the file has left your organisation. See the full Vera deep dive.
Titus is primarily aimed at CISOs and security leads at Dutch organisations with 1,000 to 10,000 FTE that run a Microsoft 365 tenant, an existing DLP and a compliance programme under NIS2, ISO 27001, BIO or DORA. They want their knowledge workers to classify at creation instead of afterwards. For semi-public institutions with BIO classification (department-confidential, state secret) Titus is the enforcement layer on top of that classification obligation.
Boldon James is aimed at organisations that do not know what they have. For a DPO who, after a DPIA, finds personal data unstructured on file shares, Boldon James is the first answer. For a compliance officer who must evidence ISO 27001 Annex A 8.2 on ten years of legacy data for an audit, Boldon James delivers the label evidence. Also the right choice in mergers where you inherit an unknown dataset.
Clearswift is for security teams stuck between a DLP that blocks too strictly and a business that finds workarounds, such as WeTransfer or personal Gmail. We typically see this at financial services under DORA, healthcare, law firms and insurers where email must keep flowing but regulated data must not travel with it.
Vera is for scenarios where data leaves your perimeter yet must stay under your control: M&A data rooms, joint ventures, vendor relationships, external counsel, collaboration across government chains. At Dutch clients we see Vera most often on merger tracks and at financial entities sharing due diligence dossiers with external parties.
The four products sit at four different points on your data path. If you visualise the path from the moment a file is created until the moment it is opened by an external recipient, a different Fortra solution sits at each point.
Titus sits on the creator side. The plug-in runs in Outlook, Word, Excel, PowerPoint and SAP GUI on the knowledge worker's endpoint. Behind it sits a Windows policy server with SQL Server as the backend for schema definitions, ML models and audit logs. Distribution goes via Microsoft Endpoint Manager, SCCM or comparable MDM. Titus writes labels into OOXML metadata and SMTP X-headers. That is the moment classification comes into being.
Boldon James sits on the storage side. The platform scans file shares, SharePoint sites, OneDrive accounts, Exchange mailboxes and endpoint caches. It has a central scan coordinator and local scanners that reach the data over network or agent. Results and labels land in the same metadata fields that Titus uses and in the Microsoft Purview sensitivity label schema, so discovery output is directly usable for Purview enforcement and DLP policies.
Clearswift sits on the gateway. In mail flow it runs as an inline hop in Exchange Online or as a dedicated SMTP gateway on the network perimeter. In web flow it runs as an ICAP peer to Zscaler, Netskope or an on-premise proxy. It reads the classification label from message or file and applies content inspection rules that differ per label. The MIMEsweeper engine is the core: parsing down to element level, redaction without full block.
Vera sits around the file. It is not a network or endpoint layer, but a wrapper applied at the moment a file receives a sensitivity level or is manually protected. The container travels with the file, whether it is on a USB stick, in a personal cloud or on the laptop of an external party. Rights are fetched in real time from the Vera control layer at every open.
Trigger events set the order. The five most common situations we encounter in Dutch enterprise tracks.
GDPR DPIA finding on unlabelled PII. A DPIA establishes that personal data sits unstructured on file shares without you being able to show which files fall into which processing register category. The Dutch DPA expects an answer within a reasonable period. First move: Boldon James in scan mode over file shares and SharePoint to quantify the finding and label the files. Regulatory reference: GDPR 2016/679.
NIS2 incident readiness. NIS2 article 23 requires an initial notification to the CSIRT within 24 hours of discovery. Without labels on your data you cannot determine within that window which categories were hit. First move: Titus on the creation side for new data, Boldon James for the backlog, and a SIEM workbook that shows the SOC real-time label distribution.
BIO classification backlog. A co-government or executive agency must show for ENSIA that department-confidential and state-secret classifications are captured machine readable. First move: Titus with a BIO schema on Office and SAP, followed by Boldon James on existing dossiers. See also the BIO documentation on digitaleoverheid.nl.
M&A data share with an external party. You must share a due diligence dataset with an acquirer or with external counsel, on the condition that access can be revoked if the transaction falls through. First move: Vera around the dataset, combined with Titus or Purview labels that automatically trigger Vera wrapping on anything marked confidential.
DLP false-positive crisis. Your existing DLP blocks legitimate workflows on regex or location, the business complains, security disables rules, the risk profile rises. First move: Clearswift at the gateway to redact at element level instead of blocking entire messages, and Titus so the DLP acts on label instead of regex. The combination reduces false positives substantially, with the exact reduction depending on the quality of your existing regex rules and the breadth of the classification schema. Operational guidance referenced by the NCSC advisories and summarised by ENISA publications.
Honest answer up front. For many Dutch organisations, Microsoft Purview Information Protection is the right choice or a substantial part of it. Purview is included with E5, integrates natively with Exchange Online, SharePoint and OneDrive, and has a solid rights management layer for the Microsoft tenant. We see Purview in almost every environment we work in. So the question is not Fortra or Purview, but which gaps Purview covers insufficiently and where you then need an answer.
SAP. Purview does not cover SAP GUI. For financial entities under DORA, industry with regulated bills of materials and government executors with SAP backends, that is a hard gap. Titus has a dedicated SAP GUI plug-in that imposes labels on transaction data at and before export. No Purview label on an SAP extract, but a Titus label that your DLP and MFT then read. No dashboard gymnastics, just metadata your pipeline already understands.
Cross-cloud. Purview works within the Microsoft tenant. If your data lives in AWS S3, Google Workspace or a sister company on a different tenant, labels often stop at the tenant boundary. Boldon James and Vera operate at file level, so labels and rights travel beyond the Microsoft boundary. ISO 27001 Annex A 8.2 (ISO/IEC 27001:2022) does not stop at a tenant line either.
Regulated mail gateways. Purview DLP on Exchange Online blocks or encrypts. It does not redact elements within a message. For sectors where inspection plus delivery is required (financial supervisor exchange, healthcare chain mail), Clearswift is the layer that delivers element-level redaction on a regulated mail gateway.
Cross-tenant rights management. Purview RMS often requires a shared directory or B2B configuration to enforce rights correctly at external recipients. Vera works outside directory preconditions with its own authentication layer, which makes M&A and vendor tracks more practical.
In summary: many organisations run Purview for the E5 baseline and add Fortra layers where Purview falls short. No vendor lock-in theatre, just the layer that matches the gap. Implementation by Neo Security explicitly accounts for that hybrid architecture. Our rule of thumb: keep Microsoft where it works, add Fortra where Purview covers insufficiently.
Order from earliest to latest moment on the data path: Titus at creation, Boldon James at storage, Clearswift on the gateway, Vera around the file that leaves your organisation.
Primary deployment: classification at the moment a knowledge worker creates a document or email.
Scenario: a financial institution under DORA receives an audit question which documents contain personal data. Without labels, the answer is a re-scan of the entire file server. With Titus, the answer sits in the metadata of every file created in Outlook, Office or SAP GUI over the past months.
Full Titus page or the product page at Fortra Titus.
Primary deployment: discovery and automatic labelling of the existing unlabelled backlog.
Scenario: a healthcare institution must demonstrate for an ISO 27001 surveillance audit that Annex A 8.2 is applied to ten years of dossiers on file shares and SharePoint. Boldon James scans that environment, recognises 300+ data types including BSN and medical patterns, and places labels that land on the same schema structure as Titus for new data.
Full Boldon James page or the product page at Fortra Boldon James.
Primary deployment: deep content inspection on mail and web gateway that reacts to classification labels.
Scenario: an insurer sees that the existing DLP blocks emails with legitimate quotes because a BSN appears somewhere in the attachment. Staff forward the quote via WeTransfer. Clearswift reads the Titus label, redacts the BSN element from the attachment and delivers the rest of the message. The legitimate quote arrives, the regulated data does not.
Full Clearswift page or the product page at Fortra Clearswift.
Primary deployment: persistent rights management on the file that leaves your organisation.
Scenario: an industrial holding shares due diligence dossiers with an external acquirer. The transaction falls through. Without Vera, the counterparty still has the files on laptops and personal clouds. With Vera, you revoke access, and every subsequent open attempt fails on authentication, regardless of where the file sits. No X, just Y: no after-the-fact lawyering to claw files back, just a file that stops opening on your signal.
Full Vera page or the product page at Fortra Vera.
Underlying regulatory cornerstone: why data classification under GDPR, NIS2, ISO 27001, BIO and DORA. Normative sources: GDPR 2016/679, NIS2 2022/2555, ISO/IEC 27001:2022, NCSC advisories, ENISA publications.
Yes, if your first concern is the daily stream of new emails and Office documents. Titus captures labels at creation and solves your outbound risk. For the existing backlog of unlabelled files on file shares and SharePoint you will need Boldon James later. The two products share the same schema, so a phased start is a normal path.
Rarely at the same time. A typical Dutch enterprise starts with Titus and Boldon James for the labelling problem. Clearswift joins when your mail gateway produces false positives or fails to strip inbound weaponised content. Vera joins for M&A, external collaboration or regulated data that leaves your tenant. Your dominant risk first, then expand.
Purview is the native label language inside the Microsoft tenant and included with E5. Titus offers multiple attributes per label, SAP GUI coverage, a harder label prompt and schema flexibility for BIO classification. The two write to compatible metadata and synchronise. Many customers run Titus on the creation side and Purview on the enforcement and encryption side.
Yes, and this happens. Organisations with a large unknown backlog on file shares and SharePoint often start solo with Boldon James to first understand what they actually hold. After that comes a policy decision per data type. Titus joins once you want to enforce daily creation at the front as well.
Yes. Clearswift sits as a connector in the Exchange Online mail flow or as an inline gateway for outbound traffic. It reads Titus and Purview labels on messages and applies deep content inspection and redaction based on the classification. For regulated sectors where plain blocking is not an option, Clearswift complements Purview enforcement with element-level redaction.
Disk encryption protects against theft of the device. It does not protect after a file has left your organisation. Vera wraps the file itself, so you can revoke access after the fact at an external recipient. For M&A, vendor exchange and post-exfiltration scenarios, disk encryption is insufficient and Vera is the logical layer on top.
Titus plus Boldon James, with Microsoft Purview for encryption and rights management on the E5 layer. Clearswift recurs at financial services and healthcare. Vera shows up in M&A tracks and at organisations with heavy external collaboration. The full four-product chain appears at larger financial entities and at central government under BIO classification.
Discovery first to measure your problem, so Boldon James in scan mode. Then Titus on the creation side so new data comes in pre-labelled. Then Clearswift at the gateway if your DLP false-positive ratio justifies it. Vera last, aimed at specific external workflows. Each step 3 to 6 months, with evaluation in between.
Regulatory references: GDPR 2016/679, NIS2 2022/2555, ISO/IEC 27001:2022.