Some less obvious risk sources are the following:

-- Undetected data loss -- What is the likelihood of data loss (accidental deletions, improper data modifications, latent corruption) going undetected for weeks or months? Does the organization have a means to protect against this type of loss?

-- Interdependency risk -- Inability to recover because of lack of synchronization of among or within applications is an area that is not given sufficient attention, and can result in hours or even days of added time and effort. Has this risk been considered?

Developing a comprehensive profile of risks and aligning to a common framework of policies and practices can eliminate redundant efforts and eliminate exposures that may exist today.

Jim Damoulakis is chief technology officer of GlassHouse Technologies Inc., a leading provider of independent storage services. He can be reached at jimd@glasshouse.com