Control Freak

"The 21st century is a very bad time to be a control freak. Why? Cause you can't control information. It's just too easy for anyone to put just about anything where almost anyone can read it. Things which would have required thousands of dollars and vast infrastructures before are now done on computers costing under $1,000 from your living room."

 
I saw this a while ago and thought of this application even in placed where control freaks are needed -- say at a company. If you are handling controlled information -- secure, proprietary, confidential -- today's environment makes it very difficult to control. You can control access to the information at its source, but once someone with access copies that information, it's very difficult to control where they place it. Even within the corporate firewall, confidential and sensitive information has the ability to, VERY EASILY, be just about anywhere. Once that happens you have the secured (original) piece of information and the "rogue" information who-knows-where.

 
Social networks, blogs, wikis and programs like SharePoint make it very easy for someone to take a document, snippet from a table, etc. and move it somewhere else. So how do you control that? There are tools which secure the individual document, but what about someone who copies information out of it for a valid reason, with all the right access, places it into another document, wiki, or blog which is not secured? Very little way that technology can deal with that. Oh sure, you can use enterprise search that can index all your content, everywhere and then design algorithms which will scan for certain keywords, but it will probably take human beings to actually determine if each individual case is a valid use of the information and secured correctly.

 
I think that policy, process, and education are the keys to this type of control. You need to train all employees and contractors, follow processes which minimize the need to copy sensitive information and monitor your personnel to assure that they are following the processes. If they aren't take appropriate action to correct the problem or remove the individual.