Once upon a time, security and risk professionals defined borders that limited and restricted users as well as a visible set of threats, such as worms and viruses.

Today, an organization's functional network extends well outside of its controllable borders. As organizations add new connection options and new devices like smartphones and tablets to the network, the potential attack surface expands well past the virus-infected laptop. Business partners, contractors and user-owned devices make locking down a network even harder. Known as the "extended enterprise," this new network is dynamic and organic. It constantly shifts with the movement of users, the rise of new technologies, the inclusion of new partners and supply chains, and the advent of new attacks.

In an extended enterprise where the IT infrastructure changes frequently and assets (both external and those that you control) come together dynamically to deliver an enterprise function, one thing remains predictable: enterprise data and the value it represents. Attackers rarely strike networks or users just for fun; they attack to steal data. As a result, an effective data protection strategy needs to take on a data-centric view rather than an infrastructure and device-level view. Let’s look at