Fidelity Bancshares Inc. in West Palm Beach, Fla., is using the message-blocking feature in PortAuthority from PortAuthority Technologies Inc. in Palo Alto, Calif. Outbound e-mail messages that contain Social Security numbers, account numbers, loan numbers or other personal financial data are intercepted and returned to the user, along with instructions on how to send the e-mail securely.

Joe Cormier, vice president of network services, says he also uses PortAuthority to catch careless replies. Customers often send in questions and include their account information. "The customer service rep would reply back without modifying the e-mail," he says.

Fear of false positives is one reason why Fredriksen started out using only Vontu's monitoring functionality. Minimizing false positives requires tuning the system, investigating the causes of false positives and developing policies to work around or avoid them. Fredriksen warns that technology alone won't succeed unless the company using them has a strong policy for handling sensitive data, as well as a response plan.

"The challenge with any system like this is they're only as valuable as the mitigation procedures you have on the back end," he says. Another key to success, says Fredriksen, is educating users about monitoring to avoid "Big Brother" implications. "[We are] making sure that the users understand why we implement systems like this and what they're being used for," he says.

Henry says real-time blocking could cause network slowdowns because all traffic must be routed through the appliance before being forwarded to its destination. For now, he says, most organizations that enable blocking avoid performance problems by using it only at the network perimeter, where bandwidth is significantly lower, rather than inside the core network.