Traditional information security measures primarily involved securing enterprise network from outsiders using firewalls. However with growing focus on collaboration, evolution of web 2.0 (and cloud computing), we are seeing a paradigm shift in the way enterprises used to operate.
These days we work with people and organizations that are partners rather than employees. To be effective, they need access to data and intellectual property that the organization owns, but it must often be delivered to an environment that it does not control. Ultimately the only reliable security strategy is to protect the information itself, rather than the network and the IT infrastructure.
In this context I came across the following recommendations from the Jericho forum:
Extending these ideas, checkout Jericho forums' recommended 11 commandments on enterprise security.
In coming days, as we move more towards distributed computing over the cloud, I see the above recommendations gaining in relevance.