Building barriers

Some of those measures can be straightforward. Companies seeking to protect data on laptops and other mobile devices have been a boon to top-tier data encryption vendors such as RSA and PGP.

Even at PKWare, makers of PKZip, simple encryption features that work across diverse platforms have helped drive sales. Data security now accounts for half of the company's business, compared with just 20 percent three years ago, says Todd McLees, vice president of marketing.

As CDS has discovered, start with the obvious and build from there. The company used a layered approach to get a handle on external security -- with standard security measures such as firewalls, VPNs, and SSL encryption -- then added configuration control technology from Tripwire. More recently, McCarthy says, CDS has deployed outbound filtering technology from Palisade Systems that can do packet-level inspection and spot data such as credit card numbers that might be traversing the company's network or leaving the company over FTP or HTTP.

CDS has gone further than tackling sensitive data as it flows among authorized employees inside the company. It also has determined the behavior of hundreds of companies that contract with the magazines CDS works with, many of which pay far less attention to data security -- and may send spreadsheets or CDs with sensitive subscriber data to the company.

Nonetheless, the threat of a Gary Min-style rogue insider looms large. The goal, McCarthy says, is to put up enough barriers that it becomes almost impossible for a lone insider to do significant damage.

"You want to reduce it to the point where nobody can act alone and do something," McCarthy says, "where you need a conspiracy of persons to make it happen."