The YouTube problem faced by content producers (e.g. television networks, record companies) has largely been a non-issue for most organisations. It's a big problem for them however. Articles all over the place going on about the billions of dollars in revenue being lost because it's easy for people to post and watch things on YouTube. Some have given up and embraced YouTube as a place to promote their artists. For example, RCA Records has a YouTube channel where you can watch all their latest music videos...and many old ones too.
The thing about YouTube is that it makes things you want to watch really easy to find. Just search for it. That's the real power (that and they were first to market and are now owned by Google, but these facts don't help with what I'm trying to say). It's a lot easier than asking your friends via email, instant messaging or social networking sites if they have certain files. YouTube also doesn't limit your "search network" to just your friends. You can search for videos posted by millions of people you don't know and will likely never meet.
Peer-to-peer networks, although related to the problem at hand are another issue altogether. They expose the same types of issues, but they are not as big of problem as one might think when it comes to corporate networks once you compare it to what I'm about to outline. Allow me to explain.
In a corporate environment, it's relatively easy to control the network traffic and applications that your users are running. With the right tools in place, you can prevent users from installing and running peer-to-peer applications or block the relevant network connections required for these things to function. This is a MUST. Imagine the whole peer-to-peer network workwide potentially being able to search for proprietary and sensitive information that is held on your corporate network. Users aren't trying to be malicious most of the time, but they aren't security people either. So they inadvertently leave great big holes in your organisation.
Imagine KFC's list of 11 secret herbs and spices being hosted on a KFC server somewhere and having that exposed to a peer-to-peer network! They probably wouldn't go out of business, but someone would put a serious dent in their revenue if they got their hands on it. Or if you're a retailer and one of your employees accidentally leaves a file full of customer financial details unencrypted and sitting on a folder that the peer-to-peer software can access. Great, big, giant hole that is going to cost the organisation lots and lots and lots and lots of money, not to mention the intangibles that cannot be measured in dollars (e.g. customer confidence, damage to the corporate brand). I think you get the idea. Peer-to-peer network on corporate network = bad idea. So lock that down.
Back to YouTube. But it doesn't host documents you say. Yep. True. Which is why YouTube is not really a problem for those of us not in the music, television and movie industries. What happens if there was a YouTube for documents? Quasi YouTube-like repositories have always existed. They're called online file servers. But they only store stuff...and most of the time this is not public. It's just there for the user to store their own stuff. And even if they someone allowed documents to be made public, they weren't very easily found. So they're not really YouTube for documents. Even so, you should probably be blocking users from uploading sensitive files to these sites. The risk profile isn't quite as high however, because of the lack of decent search capabilities. You put decent search capabilities and the power of tagging next to a document only type of site, and you get YouTube for documents.
I bring this up because of late, there have been quite a few start-ups doing just this. One of the early ones was Scribd. They actually market themselves as YouTube for documents. Recently I've also come across docstoc. They pretty much do the same thing. And to a lesser extent there are also sites that are essentially an online desktop/bulletin board for you to throw things on there. Photos, notes, music, videos...and documents. These can also be made public. I'm not sure if their search capabilities are decent, but they are there. Recent examples are Stixy and WIXI (as an aside, who the heck comes up with these names! They sound like something my little 5 year old cousin could have come up with).
So now we all have the same problem as the content providers that despise everything that YouTube represents...except corporations have more to lose. Why? Because it can potentially cost billions. That's right. BILLIONS. In fines from losing customer information, for not being PCI compliant, for not passing the many many audits organisations are subjected to nowadays and so on. And there's also the potential billions that could be lost if your "11 secret herbs and spices" gets out there.
Where previously the most convenient way for your data to leave via the network was through email (or even web-mail), it can now be hosted on multiple, searchable, document sharing websites. When you email a sensitive document out to a list of people, the speed that this document can proliferate is only as fast as the recipients can press the forward button. Even then, you're limited to their address books. This spread is exponential by the way, so it's by no means a non-issue. But it's still slower than having the sensitive document immediately available to a whole community of users! It's like aggregating all your contacts, the contacts of your contacts, the contacts of their contacts' contacts and so on (try saying that quickly) and blasting the document to all of them at once.
I've got an account on both Scribd and docstoc. I don't really use them at the moment. I just wanted to check them out. My first few searches on each already produced documents that I'm not so sure the companies they relate to want out there. But hey, they're freely available. You just need to sign up!
So how do you stop this? While you can conceivably and justifiably block most peer-to-peer applications, you can hardly block users from using the Internet! Sure, you can block Scribd, but then docstoc comes along. Then you block docstoc, and another competitor comes along. It may never stop. The same can be said about peer-to-peer clients, but it's a heck of a lot harder to build a new peer-to-peer client than it is to build a new document sharing website. Blocking specific sites or applications is only a temporary fix. There'll always be the next site or application that comes along.
The key is to protect the information and control the many ways it can leave and under what circumstances. There's obviously the whole issue of information identification and classification as the up-front step. But that's for another day :)
Just be aware of the escalated risks YouTube for document-like sites pose to your corporate data. They make the information much more readily accessible and data loss and leakage will happen a heck of a lot more quickly than it has in the past.