Why do so many security vendors (thinking of DLP) act like HTTPS is the only protocol for sending messages.
"Oh, we inspect all HTTPS traffic, we block HTTP and block USB mass storage"
"What if I open a VPN?"
"Oh, then this wont work"