No one should treat outbound content management as a panacea. "But it is a good first-line defense," says Richi Jennings, lead analyst for e-mail security at Ferris Research. Where do these tools fit into your overall security strategy? A comprehensive plan includes these five steps:
- Identify confidential information, whether confidential for legal compliance reasons or because it involves company trade secrets.
- Manage access to sensitive information, reducing the pool of users to those who need it and can be trusted to guard it, says Jennings. This requires knowing what information you have, what protection it merits and who should have access to it—something many large companies do not have a good handle on because they have so many offices and data stores, notes Security Constructs consultant Tom Bowers.
- Educate employees about desired behaviors regarding sensitive data. This involves creating policies, communicating them and reinforcing them.
- Lock down information when possible. Encryption is an important aspect of security for data at rest, says Bowers. Blocking potential physical exits for data—from locking down USB ports to blocking file-transfer ports on the network—also reduces risk.
- Use outbound content management as a supplement. It provides a potential safety net if other steps aren't sufficient, says Jennings.