I think that protection is only for some key components.
In most cases, leaking sources is not as bad as it seems at first glance. In addition to the source code, the company has:
1. Necessary infrastructure. This includes not only hardware, but also the software ecosystem. Usually, different services of large companies interact with each other and, as a result, are closely connected. For example, authorization system, search, high performance computing platform, data storage platform. It is unlikely that you will be able to take and deploy a ready-made individual product just like that.
2. Developers who are familiar with the code (I have no idea how much resources you need to spend on analyzing the source codes of the same Google mail). While competitors will be analyzing the source code, the owner company is already implementing many new features.
Worse, when algorithms leak (for example, the ranking formula). It can be used not only to achieve a competitive advantage, but also to dishonestly use the finished system for your own purposes (raising yourself in the issuance). And to implement the described algorithm is often faster than understanding its specific implementation.
And in general, it is better to trust developers (as well as testers, admins and other employees). It is unlikely that in an atmosphere of distrust it will be possible to create something good.

Not an expert, just my IMHO:
1. Separation of duties (someone deals with one block, someone else)
2. Banning all removable media
3. Data Loss Prevention system
4. Administrative measures.

There are general considerations on this topic:
- Everything that can be patented, licensed, registered - is patented (discoveries, technologies, inventions, algorithms, trademarks, industrial designs, and so on and so forth), the right to issue licenses is acquired, registered;
- Security measures are applied at the enterprise - including (as mentioned by other participants in the discussion) access control, hardware protection, contractual restrictions (non-disclosure agreement), appropriate personnel policy.
With significant (read, almost infinite) material resources and legal services of an MS-ranking office, Google and others like them, the probability of theft will be a trivial event (absolute 0). The only thing they can't cope with is the state powers of the superpowers - the same NSA, FSB and others (if they decide to "steal" something from them).
If MS takes "you" to court, then all your activities will be paralyzed. If you (even in essence and with evidence) accuse MS of piracy and sue them, then the maximum you will achieve is material compensation (MS has functioned as it will, and no one will say that MS is a pirate office, although using all the same criteria for it and knowing that MS repeatedly borrowed codes from other developers - MS is a pirate company).