Re: Classified and commercially sensitive documents?
Oh yeah, I completely agree. I don't have any involvement with central gov or the security services any more, their security requirements differ from the general population I work with.
I suppose I'd question if you can be sure that any of your data only lives in the UK (say) irrespective of how you store it. If I'm relying on a file server in my datacentre can I be certain that something didn't end up on a USB stick, a backup tape lost in transit, etc. I know that this can be achieved, but I've also done a lot of work across a lot of public and private sector and know what the real world looks like.
I try to think about how I'd approach my security if I knew I'd been breached and what kind of thing would I want to have in place. DLP solutions have (in my limited experience) been expensive and cumbersome for the user and I think this is starting to change as the cloud provides us with an authentication and identity management platform that can and does span organisations without them needing to do a great deal. So if I send an email attachment to the wrong person, it now doesn't matter as I can revoke their rights to it, I didn't used to be able to do that.
It's no global panacea, but it is an evolution of capability for some of the standard basic issues that businesses I talk to face.