Take a minute if you will and consider the following scenario. It’s likely a familiar one; just do a quick Internet search of data breaches and it will pop up again and again and again.

Company XYZ has a security policy that mandates the use of encrypted USB storage and issues the appropriate devices to its users. However, the company still finds itself at risk from a data breach because users continue to use unencrypted portable storage.

I’d bet that the CEO of this company, and every company dealing with such a data breach, was caught by surprise. After all, they had a security policy in place and they issued encrypted devices to their staff, yet still there’s an incident of data loss that they must deal with.