Security policies in the future will need to be more specific in terms of how users should and should not behave online, and how users should handle sensitive data and leverage security technology, Cloutier says. "We have to give people better guidelines and use-case scenarios," he says. "This includes giving them how-to [instructions] in very specific environments," such as cloud services.
"Due to a heightened awareness of security and the light being shined on events by traditional media, gross noncompliance will not be tolerated," Greenberg says. "Currently, [corporate] culture determines how infractions and negligence are addressed, and it varies widely from company to company."
Some companies will come to rely more on analytics to help with security and compliance enforcement.
"Historically, most enforcement has been based on simple binary rules--Johnny copied a document that should not have been copied to a USB stick," Daly says. "Financial companies have developed more complex behavioral analytics that identify possible fraudulent activity. These more complex rules, coupled with the power of cloud computing, are enabling much more sensitive policy compliance alerting and enforcement."
Bob Violino is a freelance writer and editor. Contact him at firstname.lastname@example.org.
Sign up for CIO Asia eNewsletters.