How to reduce information leaks from your organisation

Information leaks from most organisations to some extent or another. One way it does so is by employees (perhaps who are about to leave) taking it out of the door on the removable storage device of their choice.

Access controls can be used to segment access to reduce who is able to gain access but at the end of the day some users must be trusted to access sensitive information for it to serve any purpose.

Rather than obsessing on which type of device I suggest considering how to protect the information itself. Microsoft's Information Rights Management technology can be used to automatically encrypt documents based on their level of sensitivity. When the risk of exposure/loss is significant you could set the policy to require the client machine to be online to the RMS Server every time the user wishes to view or edit the content. If the user tries to open the document on their own (non-corporate) machine then theoretically it will not have access to the RMS server and therefore they will not be able to access the information.