You may lock down access to confidential information on your network, but what's to prevent an authorized employee from e-mailing sensitive files to someone else? A company called Code Green Networks sells an appliance that "fingerprints" confidential information and then inspects all outbound packets to make sure that protected content doesn't leave the network. It's a clever approach, though I wonder about scalability and performance, both of the fingerprinting and scanning processes. In any case Code Green just announced adapters for fingerprinting content in Stellent and Documentum; you need special adapters because those two vendors live in a world of proprietary repositories and access methods. Look closely at the 2 developer screenshots (Stellent, Documentum). You'll see that the fingerprinting process needs to know which content is confidential. Hopefully you've already tagged or typed that content accordingly. Metadata lies at the heart of hidability and findability. Meanwhile, for encrypting content "at rest," check out a company called Decru, which works with FileNet and EMC, among others.