Organizations need to adopt a top-down, bottoms-up approach to organizing storage security. A top-down (Chief Information Security Officer) CISO needs to define the levels of risk and spend, as well as define a layered storage security architecture. Each storage security technology layer needs to be assigned to an appropriate IT department for implementation and ongoing operations.