Another method is to turn to proxies as a type of traffic cop to inspect traffic to some degree. "These can be complemented with policies that restrict or block encrypted traffic that doesn't pass through 'official' channels. However, some of these strategies may be limited in their usefulness if legitimate traffic cannot be directed through these accepted channels or unauthorized traffic cannot be sufficiently restrained," he says.
And if those policies appear overly draconian -- users still have other ways to transfer files, such as using cellular networks, Crawford explains.
George V. Hulme writes about security and technology from his home in Minneapolis. He's been known to send some fairly cryptic Tweets from his account @georgevhulme.
Read more about application security in CSOonline's Application Security section.