New business pressures mean that organizations need to share data across ever-widening organizational and geographical areas. However, at the same time, they are increasingly accountable for ensuring that data is properly protected, even when it resides on infrastructure over which they have little or no control. This has led organizations to look at ways to secure the data itself, rather than just the infrastructure that holds and transports it. What do they find? The technology to help them is still embryonic with only a few vendors offering solutions. Mainstream migration to a datacentric security model will take five years to evolve, but today, companies need to define a strategy for atacentric security starting with information classification and data encryption.