When the inside threat is from outsiders

Insider Threat By Faizel Lakhani, Network World, 04/21/2008

With the economy being so shaky right now, my company has put a freeze on hiring and we are currently using temporary contractors to fill certain positions. It seems that outsiders are the new insiders. Any tips on best practices for making sure contractors have what they need, but can't take sensitive information out the door when the job is done?

Every organization faces the challenge of protecting against data loss, and the use of contractors and trusted partners makes protecting data more urgent. Organizations today must protect sensitive data by first identifying where this data is, then determining who can access it. Many organizations give open access to their networks to anyone needing connectivity. With this liberal approach comes the challenge of determining what sensitive data is openly accessible. The problem of determining what data exists where is compounded by the increased use of Web 2.0 applications such as wikis and Microsoft's SharePoint, which allow users to post and communicate information without restriction or control.

Data discovery, or content inventorying, is the first step organizations must take to determine what content exists where. Many business or security teams do not know what sensitive data exists on which servers or machines, making data protection a far-off dream. Data-at-rest discovery tools can solve this problem by scanning the network to discover machines and then crawling the content on these machines. The analysis of content is sophisticated in that pre-defined compliance templates can be used, as well as hundreds of other content classifications.

From these crawls of data-at-rest, the organization has a taxonomy of content - its location and meta information. Armed with this, the organization can then take the necessary steps to decide whether this data should be openly accessible and by whom. Automated remediation options include copying the files to a secure location, applying DRM policies to the content, or notifying the content owners - just to name a few options.
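A small sketch of the data-at-rest crawl described above, producing the location-plus-metadata inventory for one directory tree. This is an added example, not code from the article or from any DLP product; the two classifiers (payment card numbers with a Luhn check, US SSN format) are assumptions standing in for a product's compliance templates, and all names are hypothetical.

```python
import os
import re

CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")  # assumed classifier: card-like digit runs
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")    # assumed classifier: US SSN format
MAX_BYTES = 1_000_000  # read cap per file so large binaries do not stall the crawl

def luhn_ok(digits):
    """Luhn checksum, used to discard random digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(text):
    """Return the sorted list of sensitive-content labels found in text."""
    labels = set()
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 16 and luhn_ok(digits):
            labels.add("payment-card")
    if SSN_RE.search(text):
        labels.add("us-ssn")
    return sorted(labels)

def inventory(root):
    """Crawl root and return one record per file holding classified content."""
    records = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    text = fh.read(MAX_BYTES).decode("utf-8", errors="ignore")
                st = os.stat(path)
            except OSError:
                continue  # unreadable file: skip it, keep crawling
            labels = classify(text)
            if labels:
                records.append({"path": path, "size": st.st_size,
                                "mtime": int(st.st_mtime), "labels": labels})
    return sorted(records, key=lambda r: r["path"])

if __name__ == "__main__":
    for rec in inventory("."):  # assumption: scan the current directory
        print(rec)
```

Each record gives the remediation step what it needs: where the file is, how recent it is, and which classification it matched.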

Once this information is identified, it can also be registered to detect its movement outside of the company through the corporate firewall or from a PC using WiFi, USB or Bluetooth connections. Data-in-motion data loss prevention products analyze all content as it leaves an organization without any changes to the user machines that are sending it; hence this solution works well for machines that are not owned by the organization, such as those of contractors and business partners. Data-in-use endpoint agents provide similar functions for examining content leaving the PC.
