System For Providing Layered Security
US-2017180388-A1 · Jun 22, 2017 · US
US2017237747A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2017237747-A1 |
| Application number | US-201615387123-A |
| Country | US |
| Kind code | A1 |
| Filing date | Dec 21, 2016 |
| Priority date | Feb 15, 2016 |
| Publication date | Aug 17, 2017 |
| Grant date | — |
Official abstract text for this publication.
Various systems and methods for determining whether to allow or continue to allow access to a protected data asset are disclosed herein. For example, one method involves receiving a request to access a protected data asset, wherein the request is received from a first user device; determining whether to grant access to the protected data asset, wherein the determining comprises evaluating one or more criteria associated with the first user device, and the criteria comprises first information associated with a first policy constraint; and in response to a determination that access to the protected data asset is to be granted, granting access to the protected data asset.
Opening claim text (preview).
What is claimed is:

1. A method comprising: receiving a request to access a protected data asset, wherein the request is received from a first user device; determining whether to grant access to the protected data asset, wherein the determining comprises evaluating one or more criteria associated with the first user device, and the criteria comprise first information associated with a first policy constraint; and in response to a determination that access to the protected data asset is to be granted, granting access to the protected data asset.

2. The method of claim 1, wherein the first policy constraint comprises first location information, and the first location information indicates a geographic location of the first user device.

3. The method of claim 2, wherein the criteria further comprises second information associated with a second policy constraint, the second policy constraint comprises first user group information, and the first user group information indicates a user group associated with a user of the first user device.

4. The method of claim 1, wherein the protected data asset is encrypted, and the providing access comprises providing decryption information for the protected data asset.

5. The method of claim 1, wherein the access to the protected data asset is limited to the first user device.

6. The method of claim 1, wherein the access is limited to a predetermined time period.

7. The method of claim 1, further comprising: subsequent to the granting access, receiving updated location information from the first user device, wherein the updated location information indicates that the geographic location of the first user device has changed, and using the updated location information to determine whether to revoke access to the protected data asset.

8. A system comprising: a microprocessor; and a non-transient computer-readable storage medium, comprising computer instructions executable by the microprocessor, wherein the computer instructions are configured to perform a method comprising the steps of: receiving a request to access a protected data asset, wherein the request is received from a first user device; determining whether to grant access to the protected data asset, wherein the determining comprises evaluating one or more criteria associated with the first user device, and the criteria comprise first information associated with a first policy constraint; and in response to a determination that access to the protected data asset is to be granted, granting access to the protected data asset.

9. The system of claim 8, wherein the first policy constraint comprises first location information, and the first location information indicates a geographic location of the first user device.

10. The system of claim 9, wherein the criteria further comprises second information associated with a second policy constraint, the second policy constraint comprises first user group information, and the first user group information indicates a user group associated with a user of the first user device.

11. The system of claim 8, wherein the protected data asset is encrypted, and the providing access comprises providing decryption information for the protected data asset.

12. The system of claim 8, wherein the access to the protected data asset is limited to the first user device.

13. The system of claim 8, wherein the access is limited to a predetermined time period.

14. The system of claim 8, wherein the method further comprises the steps of: subsequent to the granting access, receiving updated location information from the first user device, wherein the updated location information indicates that the geographic location of the first user device has changed, and using the updated location information to determine whether to revoke access to the protected data asset.

15. A computer program product, comprising a plurality of instructions stored on a non-transient computer-readable storage medium, wherein the instructions are configured to execute a method comprising the steps of: receiving a request to access a protected data asset, wherein the request is received from a first user device; determining whether to grant access to the protected data asset, wherein the determining comprises evaluating one or more criteria associated with the first user device, and the criteria comprise first information associated with a first policy constraint; and in response to a determination that access to the protected data asset is to be granted, granting access to the protected data asset.

16. The computer program product of claim 15, wherein the first policy constraint comprises first location information, and the first location information indicates a geographic location of the first user device.

17. The computer program product of claim 16, wherein the criteria further comprises second information associated with a second policy constraint, the second policy constraint comprises first user group information, and the first user group information indicates a user group associated with a user of the first user device.

18. The computer program product of claim 15, wherein the protected data asset is encrypted, and the providing access comprises providing decryption information for the protected data asset.

19. The computer program product of claim 15, wherein the access to the protected data asset is limited to the first user device, and the access is limited to a predetermined time period.

20. The computer program product of claim 15, wherein the method further comprises the steps of: subsequent to the granting access, receiving updated location information from the first user device, wherein the updated location information indicates that the geographic location of the first user device has changed, and using the updated location information to determine whether to revoke access to the protected data asset.
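The flow recited in claims 1 to 7, sketched as an added example that is not taken from the patent or its applicant. The names `Policy`, `Grant` and `AccessBroker`, the circular geofence and the haversine distance check are all assumptions chosen for illustration; the claims do not specify how location is compared.

```python
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:                      # hypothetical policy for one protected asset
    center: tuple                  # (lat, lon) of the permitted area
    radius_km: float               # location constraint
    groups: frozenset              # user-group constraint
    ttl_s: int                     # predetermined access period, seconds

@dataclass
class Grant:
    device_id: str                 # access is bound to the requesting device
    expires_at: float
    key: bytes                     # decryption information for the asset
    revoked: bool = False

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

class AccessBroker:
    def __init__(self, policy, asset_key):
        self.policy, self._key, self.grants = policy, asset_key, {}

    def _in_area(self, loc):
        return haversine_km(loc, self.policy.center) <= self.policy.radius_km

    def request_access(self, device_id, user_groups, loc, now):
        """Grant only if every constraint holds; deny by default."""
        if not self._in_area(loc) or not (self.policy.groups & set(user_groups)):
            return None
        grant = Grant(device_id, now + self.policy.ttl_s, self._key)
        self.grants[device_id] = grant
        return grant

    def is_valid(self, device_id, now):
        g = self.grants.get(device_id)
        return g is not None and not g.revoked and now < g.expires_at

    def update_location(self, device_id, loc, now):
        """Re-evaluate the location constraint after a device reports a move."""
        g = self.grants.get(device_id)
        if g is not None and not self._in_area(loc):
            g.revoked = True
        return self.is_valid(device_id, now)
```

Once the raw key has been handed to a device, revocation is only advisory because a cached key still decrypts, and device-reported coordinates are unverified input.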
to a system of files or objects, e.g. local or distributed file system or database · CPC title
wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals · CPC title
Providing cryptographic facilities or services · CPC title
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title
Access security · CPC title