“Enterprise” is defined by data and “Security” by relationship
Enterprise security and location of resources are unrelated. From a location-of-access standpoint, take the trend of mobility to its ultimate conclusion: Users employ an array of mobile platforms to send email, modify documents and close deals – or they access critical applications from home machines not provisioned by the organization. But the data we hold needs to be protected just the same. Just because devices accessing critical resources aren’t coming from some arbitrarily drawn geographical border doesn’t mean that the security of those resources is any less relevant.
Enterprises reallocate storage and processor resources on the fly across the globe in response to user demand, business volume, time of day or any number of other factors specific to their business. Security is still a critical factor of supporting the organizational mission. And the embodiment of the organizational mission is the data the organization creates, processes and stores. Just like the data defines what the enterprise is, so also is “security” defined by the chain of relationships along which that data travels. If the data is compromised, the responsibility for failure to protect that data rests with the organization with the relationship to the data owner. If confidentiality, integrity or availability of that data are keys to supporting the organizational mission, the organization is the one that takes the hit. If the organization is acting as a steward of that data on behalf of someone else, they are the ones with the relationship to the data owner and are therefore the one to take the hit when security fails to protect it.