Security restrictions are often lifted to speed up disaster recovery. This grants access to external services so that at least basic infrastructure operation can be provided, but it puts data at risk. Usage control monitors are supposed to prevent data abuse by watching every movement, yet they appear unfit for a fast rollout and prone to low-level attacks and steganographic tunneling. We propose supplementing monitors with watermarkers and sketch an algorithm that integrates provenance information into the data itself. An auditor can then inspect such watermarks, query the monitors involved, and more easily tell legitimate from illegitimate usage.