Here are some of the challenges - and answers - for deploying this technology.

Technology versus Business Process

Content monitoring is not a technology problem but a business-process problem. The technology may consist of network-based appliances, desktop clients, or a combination of both. Network appliances simply plug into your network, while desktop clients are agents that communicate to a central server. In a broad sense, the basic deployment begins by simply choosing to monitor every protocol available, in both directions. Then maximize your storage options and select your most essential reports for corporate or regulatory usage for monitoring. The real challenge begins with selecting the key terms, key phrases, policies, and filters.

Policies and Filters

Choosing policies and filters to monitor is an easier problem to solve, as the content monitoring vendors usually provide a framework of canned policies and filters. These templates begin with regulation and compliance. Privacy and corporate governance are typically added as well. Finally, some basic Intellectual Property (IP) filter sets are offered. You will find that these default templates are easy to modify for your particular enterprise. The degree of ease varies from vendor to vendor, however.

Developing Key Terms and Phrases

You will spend your first six months of deployment (perhaps less, if you have professional services assistance) developing key terms and phrases because there is a high false-positive rate during initial deployment. Initially the template policies and filters will "see" all content, and your team will be overwhelmed with the sheer amount of data being presented. The first step therefore is to decide what information is most valuable to your enterprise. Your corporate information-classification policy will provide the framework for this decision process.

Let's say, for example, that your company manufactures and sells a new aspirin named HeadacheBeeGone. If I create a filter to trip every time the key term HeadacheBeeGone passes by, I will be quickly inundated with alarms. I expect that many people in the organization will send this term to suppliers, distributors, off-shore manufacturing, and remote sales offices. Therefore most of the alarms created by this term will be false positives. Some legitimate problems may be spotted, but how much effort is required to sift through all of the false positives to find that one in 1,000 that is a true problem? The better method is to find another, more specific key term or phrase related to HeadacheBeeGone, perhaps a component of your manufacturing process that is proprietary to your company. Let's call this component the ZStamp process. Very few people outside of your manufacturing teams know of this process. When your content monitoring solution sees this key term, the probability of a true positive occurring is much higher.