Entity authentication for pre-authenticated links
US-2024396898-A1 · Nov 28, 2024 · US
US10375116B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10375116-B2 |
| Application number | US-201715448220-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 2, 2017 |
| Priority date | Mar 2, 2012 |
| Publication date | Aug 6, 2019 |
| Grant date | Aug 6, 2019 |
Official abstract text for this publication.
Systems and methods for protecting a data item include, upon initiation of transfer of the data item from a server to a client device, determining a sensitivity score and a current protection level of the data item. A policy is applied to determine an appropriate protection for the data item based upon the sensitivity score and the current protection level. A protected data item is provided to the client device by applying the appropriate protection to the data item.
Opening claim text (preview).
What is claimed is:

1. A method for protecting a data item, comprising: upon initiation of transfer of the data item from a server to a client device, determining a sensitivity score of the data item, a confidence level that a user of the client device is an authorized user, and a current protection level of the data item, the sensitivity score being generated based on a value of the data item to a particular individual or organization and a cost of recreating the data item if destroyed or modified; applying, using a processor, a policy to determine an appropriate protection for the data item based upon the sensitivity score, the confidence level, and the current protection level; and providing a protected data item to the client device by applying the appropriate protection to the data item, wherein a unique encryption key is employed for each application of a protection technique on each of one or more data items.

2. The method as recited in claim 1, wherein determining the sensitivity score includes: determining sensitivity scores for classes of data on the server; determining a class of the data item from the classes of data on the server; and assigning a sensitivity score corresponding to the class of the data item as the sensitivity score of the data item.

3. The method as recited in claim 1, wherein applying the policy includes determining the appropriate protection based upon one or more of features of the data item and features of the client device.

4. The method as recited in claim 3, wherein features of the data item include one or more of type, creator, and indicator of the data item.

5. The method as recited in claim 3, wherein features of the client device include one or more of a history of compromises, an ownership status, an operating system, a version of the operating system, applications stored on the client device, a patch status, suspected malware, a status of a network connected to the client device, and an application of the client device used to access the data item.

6. The method as recited in claim 1, wherein providing the protected data item includes providing a link referring to the protected data item.

7. The method as recited in claim 1, wherein the initiation of transfer includes at least one of a request from the client device and a server initiated transfer of the data item.

8. The method as recited in claim 7, wherein the request from the client device is due to at least one of a user request, a scheduled request, a signal received by a sensor of the client device, and an event external from the client device.

9. The method as recited in claim 7, wherein the server initiated transfer is due to at least one of a request from the client device, a request from a second device, receiving data from the second device, and a scheduled transfer.

10. The method as recited in claim 1, wherein applying the appropriate protection includes at least one of applying encryption, redaction, invertible obfuscation, and non-invertible obfuscation.

11. A non-transitory computer readable storage medium comprising a computer readable program for protecting a data item, wherein the computer readable program when executed on a computer causes the computer to perform the steps of: upon initiation of transfer of the data item from a server to a client device, determining a sensitivity score of the data item, a confidence level that a user of the client device is an authorized user, and a current protection level of the data item, the sensitivity score being based on a value of the data item to a particular individual or organization and a cost of recreating the data item if destroyed or modified; applying a policy to determine an appropriate protection for the data item based upon the sensitivity score, the confidence level, and the current protection level; and providing a protected data item to the client device by applying the appropriate protection to the data item, wherein a unique encryption key is employed for each application of a protection technique on each of one or more data items.

12. The non-transitory computer readable storage medium as recited in claim 11, wherein determining the sensitivity score includes: determining sensitivity scores for classes of data on the server; determining a class of the data item from the classes of data on the server; and assigning a sensitivity score corresponding to the class of the data item as the sensitivity score of the data item.

13. The non-transitory computer readable storage medium as recited in claim 11, wherein applying the policy includes determining the appropriate protection based upon one or more of features of the data item and features of the client device.

14. The non-transitory computer readable storage medium as recited in claim 13, wherein features of the data item include one or more of type, creator, and indicator of the data item.

15. The non-transitory computer readable storage medium as recited in claim 13, wherein features of the client device include one or more of a history of compromises, an ownership status, an operating system, a version of the operating system, applications stored on the client device, a patch status, suspected malware, a status of a network connected to the client device, and an application of the client device used to access the data item.

16. The non-transitory computer readable storage medium as recited in claim 11, wherein providing the protected data item includes providing a link referring to the protected data item.

17. The non-transitory computer readable storage medium as recited in claim 11, wherein the initiation of transfer includes at least one of a request from the client device and a server initiated transfer of the data item.

18. The non-transitory computer readable storage medium as recited in claim 17, wherein the request from the client device is due to at least one of a user request, a scheduled request, a signal received by a sensor of the client device, and an event external from the client device.

19. The non-transitory computer readable storage medium as recited in claim 17, wherein the server initiated transfer is due to at least one of a request from the client device, a request from a second device, receiving data from the second device, and a scheduled transfer.

20. A method for protecting a data item, comprising: upon initiation of transfer of the data item from a server to a mobile device, determining a sensitivity score of the data item, a confidence level that a user of the client device is an authorized user, and a current protection level of the data item using a data protection server, the sensitivity score being generated based on a value of the data item to a particular individual or organization and a cost of recreating the data item if destroyed or modified; applying a policy to determine an appropriate protection for the data item using the data protection server, wherein the appropriate protection is based upon the sensitivity score, the current protection level, the confidence level, and features of at least one of the data item and the mobile device; and providing a protected data item to the mobile device by applying the appropriate protection to the data item using the data protection server, wherein a unique encryption key is employed for each application of a protection technique on each of one or more data items.
Authentication · CPC title
for providing a confidential data exchange among entities communicating through data packet networks · CPC title
for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title
wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title
using passwords (cryptographic mechanisms or cryptographic arrangements for entity authentication using a predetermined code H04L9/3226) · CPC title