Is Your Blog Leaking Trade Secrets?: Page 3

According to Young, the risks associated with social networking and messaging applications often point to other internal problems. “Often it’s just an employee trying to solve a problem,” he said. “If the enterprise solves the problem, then the risk goes away.”

Crosley added that organizations often calculate risks improperly, being overly conservative when it comes to communications tools. They focus on the wrong things and don’t accurately estimate the real costs associated with adopting versus ignoring a technology. Does a spike in productivity and efficiency offset the deployment cost? Does internal control offset the risk of having employees bring in technologies through the backdoor?

“If employees are desperate for good web-based email, give it to them. Don’t make them resort to Gmail,” he said.

Beyond tools like web-based email, VPNs, and secure wireless networking, Young pointed to email security and content-monitoring as the next line of defense against data leaks. “In certain industries, especially financial, it’s a must,” he said.

Crosley suggested that companies who haven’t developed policies or are unfamiliar with new security technologies should bring vendors into the mix. Of course, you’d expect a vendor rep to say this, but he makes a good point: “Until you know the dimensions involved with your particular enterprise, it’s hard to develop policy. Most vendors will conduct an audit first, and that’s the logical starting point.”

For those further along with their security policies and strategies, they can start evaluating data-leak-prevention solutions. Startups are leading this space, with Proofpoint, Provilla, Clearswift, and PortAuthority (acquired by Websense in January 2007) all fitting the bill.