No one should treat outbound content management as a panacea. "But it is a good first-line defense," says Richi Jennings, lead analyst for e-mail security at Ferris Research. Where do these tools fit into your overall security strategy? A comprehensive plan includes these five steps:\n\nIdentify confidential information, whether confidential for legal compliance reasons or because it involves company trade secrets. \nManage access to sensitive information, reducing the pool of users to those who need it and can be trusted to guard it, says Jennings. This requires knowing what information you have, what protection it merits and who should have access to it\u2014something many large companies do not have a good handle on because they have so many offices and data stores, notes Security Constructs consultant Tom Bowers.\nEducate employees about desired behaviors regarding sensitive data. This involves creating policies, communicating them and reinforcing them.\nLock down information when possible. Encryption is an important aspect of security for data at rest, says Bowers. Blocking potential physical exits for data\u2014from locking down USB ports to blocking file-transfer ports on the network\u2014also reduces risk.\nUse outbound content management as a supplement. It provides a potential safety net if other steps aren't sufficient, says Jennings.