As some companies explore ways to streamline business and cut costs by pushing information out to customers and partners via the Web, others work just as diligently to keep their proprietary knowledge locked safely inside the corporate vault. What surprises many executives is that the greatest threat to those intellectual assets is presented not by poachers hacking into the company, but by employees, either carelessly or maliciously, sending IP out the door. As a result, a cottage industry of content-monitoring startups has sprung up to help companies keep confidential information confidential.

Gartner Inc., the IT market research firm, estimates that 85% of high-cost security incidents occur when employees, often unknowingly, send confidential information outside the company. These internal leaks most often occur when employees send file attachments to their personal e-mail accounts so they can work from home or e-mail information to clients or partners. "The average Fortune 500 company could be facing $1 million to hundreds of millions of dollars of loss as a result of insider problems, and without [content-monitoring] technology they would have no way of knowing that this is happening," says Larry Ponemon, founder of Ponemon Institute LLC, a Tucson, Ariz., consultancy specializing in privacy issues.

Of course, companies already spend heavily to protect their information networks from outside hackers and computer viruses, but few take precautions to secure sensitive information from accidental or malicious internal leaks. If spending on content-monitoring software is any indication, though, that is beginning to change. In an analysis of dozens of Fortune 1000 companies, the Ponemon Institute projected that spending on such software will soar more than 900% this year as compared to 2004. Corporate customers spent about $15 million last year on the technology and have doled out roughly $150 million already in 2005, the firm estimated. John Muir, managing partner at Trusted Strategies LLC, a Pleasanton, Calif., security advisory firm, says companies that finally implement content-monitoring software are often "aghast" at the information they see traversing their networks. "What this industry has got going for it is the hot realization that the problem isn't just outside in - it's also inside out," he says. Some leaks most certainly are deliberate, with insiders using a range of tactics, from printing PDF files or burning information onto compact disks to more sophisticated techniques, such as sending encrypted files within photographs or even creating their own Web sites where they can post confidential data. San Francisco-based Wells Fargo & Co. learned the hard way about such risk. Last October, several laptops containing confidential records, including names, addresses and Social Security numbers of the bank's customers, were stolen from an Atlanta subcontractor, according to published reports. In another incident, Cisco Systems Inc. of San Jose, Calif., last year reportedly investigated the theft of some of its source code.

Experts say none of the big security giants, such as Cisco or Symantec Corp., among others, have developed content-monitoring technology yet, so for now, a host of startup companies are vying for corporate customers. They include Vontu Inc., Vericept Corp., Reconnex Corp., Tablus Inc.­ - which purchased Indigo Security LLC in April - and scores of other startups hoping to cash in on the trend. "It was relatively easy for Tablus to raise money a year ago, because there were few organizations that focused on the kinds of solutions that Tablus provides," says the company's vice president of marketing and business development, Jim Hogan, referring to the $7 million Tablus raised in February 2004 from Menlo Ventures. To date, Vericept has raised $49 million in venture capital, Vontu $25 million and Reconnex $14.8 million.

Despite the hype, experts say content monitoring has a long way to go before it becomes a must-have for companies. Currently, most of the products alert systems managers only if a breach has occurred, instead of stopping it at the door. Vontu has begun focusing on how to seal such leaks, and other companies plan to follow suit, experts say.

The bigger challenge may lie within corporations themselves. Determining what data is confidential is tricky and laborious and, as is the case anytime information is filtered, being over-protective of intellectual assets can choke the legitimate exchange of information between a company and its partners. - Cheryl Meyer

Join Corporate Dealmaker's LinkedIn forum