Risk management and digital security are priorities for us, as are end-user empowerment and productivity. This is a delicate balancing act. We see three common practices that an IT department can apply to assess risk levels and instill the right internal policies to help safeguard access to sensitive information. First, IT needs to invest in raising the bar on IT controls and employee empowerment. Second, IT needs to focus on the data. Devices come and go; data will always be treasured. Third, IT needs to develop a framework that balances business value and risk mitigation.