After years of implementing technologies such as firewalls and intrusion detection systems to keep network perimeters safe, companies now must move similar controls down to the data level, they said.

"The data now matters above everything else," said John Ceraolo, director of information security for JM Family Enterprises Inc., a US$9.4 billion auto distribution and financing company based in Deerfield Beach, Fla.

Non-public information of all sorts needs to be protected, whether it is at rest or in transit, he said. And that requires an increasing focus on measures such as data classification and encryption, stronger user access and authentication and usage monitoring and auditing, Ceraolo said.

Most of the "blocking and tackling" that was needed to handle network threats has, to a large extent, already been accomplished via technologies such as firewalls, and intrusion detection and prevention systems, said Mark Burnett, director of IT security and compliance at Gaylord Entertainment Co. in Nashville.

The goal now is to put multi-layered defenses around the data as well, he said. "We are layering technology controls to make sure we can identify where the information is passing across our network" and protect it.