The threat entails employees leaking sensitive data about customers, finances or intellectual property in violation of security policies and regulatory requirements. Sometimes it's by mistake and sometimes the employee is looking to make a financial gain.
To combat data leakage, a growing number of vendors are pitching products designed to monitor sensitive information and block outgoing e-mails or instant messages containing it. This week alone, newcomer Fidelis Security Systems will debut, veteran player Vidius will change its name and launch a product, and Tablus will reveal plans to deliver a product that combines network- and desktop-based monitoring.
Data-leakage prevention products typically work by accessing databases to keep track of what an organization considers sensitive data and comparing it with what goes out. But questions about false positives, missed leaks and cost - $100,000 is not an unusual price - have kept leakage detection in a niche reserved for a limited group of companies and government agencies.
"It does stop e-mail with sensitive data," says Janet Behnke, IT manager at First Financial Credit Union in Los Angeles, which uses a gateway from Vidius (now called PortAuthority Technologies) at its Internet access point. The product is used to watch for sensitive information, including customer account numbers, balances and ATM card numbers.
Most credit union employees whose e-mail is blocked by PortAuthority - the average is 20 to 25 unauthorized e-mails per day - are sending out sensitive data by mistake, Behnke says. But there have been instances where the bank caught employees forwarding customer information to brokers in order to make money.
"They did it because they were trying to get commissions," Behnke says, adding that these employees were terminated. PortAuthority "saved us from a lot of exposure," she says.
This insider-theft problem is similar to that facing Bank of America and Wachovia, which in late May acknowledged massive data leaks involving stolen account data on tens of thousands of customers sold by bank employees.
Bank of America, which says it has deployed the Vontu information-leakage product, declined to say whether the content monitoring helped in uncovering the problem, which involved use of e-mail as well as simply printing out customer information.
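The comparison described above, in which a product tracks the values an organization registers as sensitive and checks outgoing messages against them, can be sketched as follows. This is an added example, not code from the article or from any vendor it names; the account numbers, key and function names are constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed sample data: values a registration job would pull from the
# customer database (hypothetical ATM card and account numbers).
KEY = b"constructed-demo-key"  # per-deployment secret (assumed)
REGISTERED = ["4539578763621486", "0012345678"]

def fingerprint(value: str) -> str:
    """Keyed hash, so the gateway index never holds raw account numbers."""
    return hmac.new(KEY, value.encode(), hashlib.sha256).hexdigest()

INDEX = {fingerprint(v) for v in REGISTERED}
LENGTHS = sorted({len(v) for v in REGISTERED})

# Runs of 8 or more digits, optionally broken up by single spaces or hyphens.
CANDIDATE = re.compile(r"\d(?:[ -]?\d){7,}")

def scan(message: str) -> list[str]:
    """Return the registered values found in an outbound message body."""
    hits = []
    for match in CANDIDATE.finditer(message):
        digits = re.sub(r"[ -]", "", match.group())
        # Slide a window of each registered length over the digit run, so a
        # value that sits next to other digits is still compared.
        for n in LENGTHS:
            for i in range(len(digits) - n + 1):
                window = digits[i:i + n]
                if fingerprint(window) in INDEX and window not in hits:
                    hits.append(window)
    return hits

def verdict(message: str) -> str:
    """BLOCK if any registered value is present, otherwise ALLOW."""
    return "BLOCK" if scan(message) else "ALLOW"
```

Matching against registered values rather than a generic "16 digits" pattern keeps an unrelated order number from being flagged, while a value spelled out in words passes through undetected, which illustrates the false-positive and missed-leak trade-off the article mentions.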