Most companies routinely assess their data security with overall security policy health checks, site surveys, and reviews of processes, systems, networks, and applications. Yet each of these activities rests on fundamental assumptions about where the data resides and how the data "behind the server" is secured.