Though data-loss prevention gear is proving a boon for corporate security, its “see all, know all” style of content monitoring can cast a harsh glare on business practices and legal issues that end up putting information-technology staff on the spot.

DLP content-monitoring equipment often gets rave reviews from security managers deploying it because it can give them a view they never had before into their organization’s daily business communications. It may present the big picture, zeroing in on where sensitive data slipped out and who did the deed. But chief security officers with months of DLP experience caution all this newfound knowledge can be disruptive, spotlighting internal data-management practices that incite concern about possible regulatory violations.

“You move from ignorance to compliance jeopardy,” acknowledged Tony Spinelli, senior vice president of information security at credit information services firm Equifax, describing one impact that deploying DLP — in this case, the Symantec Vontu equipment — made at his firm. “A lot of regulations say when you know what’s leaving your network, you have to disclose that.”

Spinelli, who spoke on a panel at last month’s RSA Conference on the topic, said in spite of the initial disruption caused by finding out about internal business data practices that had to be fixed, Equifax is now so accustomed to DLP content-monitoring that it’s now considered just part of the security “hygiene,” he said.

DLP also has played a role in bringing together the human resources, legal and security groups at Equifax to coordinate content-monitoring policy, he added.

Two other security managers who joined Spinelli at the RSA panel to discuss DLP also cited its disruptive influence.

“How do you look at your data, know your data and understand what you have? We never had tools to tell us what was happening and we relied on anecdotal evidence or audits to find out,” said Patrick Lefemine, chief information security officer at Hartford, Conn.-based firm Lincoln Financial Group, another Vontu user.

Lefemine acknowledged the initial piloted use of DLP “scared the hell” out of both management and IT staff, especially the time it spotted the CEO’s salary, Social Security Number and home address being inadvertently transmitted. “That got us the funding for this project,” he added.