The simultaneous rise of consumerized IT, mobile devices and cloud computing has ensured that sensitive corporate information is now reaching more people and more endpoints than ever before. As much as they would like to, risk management professionals cannot turn back the clock on this increasingly distributed and collaborative work environment. As a result, companies must pay closer attention to classifying and protecting sensitive data from the moment it's created.

Taking inventory
With perimeter-based defenses proving increasingly vulnerable to cybercriminal attack and noncompliant employee data management, companies may have to concede the fact that pursuing absolute control is a fool's errand. Instead, security teams should first focus on identifying their most important information assets - both in terms of strategic business value and compliance obligations.

"Any controls that you implement will require that you know which assets need to be protected, so you need to identify those assets," virtualization architect Bill Kleyman told Dark Reading.

Once this classification structure is in place, companies can more judiciously apply data encryption software and similarly strong protections in the areas which need them most. Additionally, this process could uncover anomalous or excessive data collection habits which can be trimmed to further reduce liabilities.

According to Forbes, companies should already be asking themselves how much sensitive data is being collected, for what purposes and under what storage and disposal requirements. Having both business and technology teams conduct routine reviews can help root out misalignments and strengthen accountability.

Vetting partners
Leveraging IT resources that travel and/or reside offsite is a fact of life for almost every business these days. Between employees carrying corporate-liable workloads on personal smartphones and tablets to cloud hosts promising affordable and efficient storage, all parties that touch sensitive data must be trustworthy.

These character assessments are a little bit easier when dealing with in-house colleagues, as IT teams can consistently coach workers on emerging best practices and regulate their behavior with usage policies enforced by data security solutions. These days, the unpredictable elements often reside with the cloud service provider.

According to Forbes, prospective cloud customers should be sure potential business partners are answering all the tough questions before directing attention toward the dotted line. The honeymoon phase is over for cloud computing, and vendors should be prepared to transparently discuss the data protection provisions they have in place and what they can and cannot do to complement the customer's current security vision.