BANGALORE, INDIA: The advance of technology has not made life any easier for the IT security professional. In the past, IT organisations were primarily responsible for a company's data security. It was a model driven from the bottom up – they were the ones who worried about devices, users, accounts and passwords. If a system got hacked and data was stolen, IT took care of it and only very rarely did this get escalated to the business.

The IT security-centric culture is changing. These days, the key drivers for an organisation's security are determined at the board and the executive level.  Today's security landscape demands governance, risk management and compliance (GRC).  And, these demands are compounded by the need to prove GRC and provide for litigation readiness.

Many of the progressive organisations are addressing legalities right now and it's a hot topic. Even if they haven't had specific litigation events, they're engaging in what's called litigation readiness and providing systems to support that. So, if an organisation receives a lawsuit - over a privacy claim, a sexual harassment case, or a contract dispute - they can pull together all the information that exists throughout the company to support that claim.

The problem is, look at where our data lives today – it's everywhere. Think about where we personally maintain data – printed or electronic copies in our office, in our cars, in our homes, on our mobile devices. How easy is it for a company to rein all of this in?

Data distribution becomes a concern when we think about the changing culture in many organisations. People increasingly expect to be able to use mobile devices like smart phones or the BlackBerry and if the company won't give it to them, they buy these convenience devices anyway. The risks are obvious: all of the user's email and associated documents are on a mobile device that could be easily stolen, leaving open access to items that you would have had to infiltrate a company to get a few years ago.