Organizations of all sizes need to adopt a top-down, bottoms-up approach to selecting and organizing storage security and data protection solutions. A top down CISO needs to define the levels of assurance, availability, spend, and other key business attributes for security and data protection, as well as define a layered storage security architecture and the capabilities and dependencies of each layer. This is particularly important when the business or operations are virtual, with data sharing across businesses, the enterprise, partners, and service providers. Each security technology layer and business process needs to be assigned to an appropriate business sponsor and IT lead for implementation and ongoing operations.