Loss of Intellectual Property
You have talked about securing corporate data, but any organisation that works with external resources (consultants, onshore/offshore outsourcers, development labs, etc.) has an exposure that often seems to be ignored.
When external technicians create programs or other types of content in the course of their assignment, do you check the provenance of that IP and ensure that the new data is 'moved' into your domain?
Too often I arrive onsite only to find that a previous consultant has built applications/infrastructures/architectures, and when they left, the only 'handover' was of the running systems. No accounting was made for the ancillary data or for the actual system itself being handed in to the client at the end of an assignment.
Conversely, are you sure that onsite consultants have created a solution from scratch, or are they just recycling IP from previous assignments? There's nothing wrong with that, as long as any recycling is properly attributed and you know what your exposure is.