Data security has never been as hard as it is today. And it is going to get harder. Why? Because it is becoming more embedded in everything we do; and because we, not technology, hold the key to the future. The protective walls of the corporation came tumbling down a long time ago. Software-based security solutions encrypt the data to protect it from theft. However, a malicious program or a hacker could corrupt the data in order to make it unrecoverable, making the system unusable. Hardware-based security solutions can prevent read and write access to data and hence offer very strong protection against tampering and unauthorized access. Not only are a significant number of computer systems connected to, or indeed, run from the internet, but also the ways we access corporate data have fragmented beyond recognition. Within the past decade, mobile devices have gone from being exceptional to the norm. And millions of potentially insecure devices are now being connected, in the guise of the Internet of Things. This brave new world of work is built upon a spirit of trust and collaboration, with smarter organisations drawing on the broadest pool of stakeholders — co-creating with customers, suppliers and even competitors. While this approach puts people first, it nonetheless requires boundaries to be set and enforced — but without getting in the way. Agility is key to the future, in data security as in business. For security to succeed in such a flexible environment, it needs to consider the role of data as an enabler to collaboration, as well as offering service provisioning mechanisms that are considerably more straightforward than today. If you create an environment which hinders, rather than help people to deliver on the needs of the business, you will increase, not decrease strategic business risk. While this creates a dilemma for any security professional, that does not make it wrong. As organisations evolve over the next decade, we shall see this point proven again and again.