Sitting back, looking at his security controls matrix, George feels comfortable with the trustworthiness of the systems on which he expects sensitive information to reside. His database servers are located on segments locked down and monitored by unified threat management (UTM) devices. The NAS where he expects unstructured data (e.g., Word and Excel files) is encrypted. Data in motion is also protected, with nothing leaving the boundaries of his network in clear text. But he has a nagging feeling deep in his gut telling him something is missing. Then it hits him. What if users don’t put data where he expects? Does he already have PII or ePHI stored in risky storage? The worst of it, George realizes, is that he has no tools to help him answer these questions.
George’s situation isn’t unique. Across the globe, security managers working for medium and large organizations are asking themselves these same questions. …