Not surprisingly, many companies view their security guru pretty much like the way ancient tribal people saw their medicine man -- although perhaps with much less confidence these days. Take, for example, the recent rise in security breaches (lost backup tapes, disclosure of customers' data, and such). I don't believe -- not even for a second -- that those companies saw the possibility of a security breach coming and chose to do nothing to prevent it.

Rather, I believe their priority was to attend to other security measures considered more pressing at the time than, say, encrypting tapes or verifying access to e-mail archives. The scary part is that right at this moment, your company (and mine) could be making the same mistake.

Is it reasonable to assume that the same incident won't happen again -- that lightning won't strike twice? Perhaps, but a security breach in a different area is still possible because a full security blanket does not exist. Also, there's no well-defined framework for data security, which makes it difficult for companies to effectively integrate different products. As a result, even if the security manager is making every possible effort to protect the confidentiality and integrity of company data, those measures are not guaranteed to work.''

Luckily, things are beginning to change, perhaps fueled by the public uproar following some of the recent security breaches. I recently spoke to at least two vendors who gave me a ray of hope for the future of data security.

"The problem our company really focuses on is how to simplify data management, and security is a fundamental component of that," says Kevin Brown, vice president of marketing at Decru, a storage security vendor that was acquired by NetApp earlier this year. I spoke with Brown to learn more about NetApp's new Uncompromised Security Initiative program.