A company's GRC efforts can get pretty complex, no matter how much automation you try to bake in. The issues seem to multiplyg daily. To give us all a little guidance, CIO Insight offers eight data security time bombs for you to ponder, and then try to avoid. These issues will no doubt keep you busy in the upcoming year. I hope they energize you, because each represents a risk that could blow up in your face in the new year.

Storage creep--the proliferation of data across systems, devices and departments.

1. Smartphones and tablets--fake apps, emboldened hackers, poorly thought out policies, and a rush of new products that even top executives may be demanding have to be dealt with.
2. Stealth culprits--the likes of flash drives, SD cards and MP3 players can cause problems when people try to use them for work.
3. Virtualization--some think the trend has outpaced the security measures. The sprawl can easily overwhelm, making it all too simple to lose track of assets.
4. Social media--you likely face pressure to roll out these sort of initiatives. Many companies still haven't appreciated the challenges.
5. Cloud computing--vendors have beefed up their efforts. But there's always a danger when you entrust data to clouds, public, private or hybrid.
6. The lowly spreadsheet--they are still a bedrock technology when it comes to GRC. They are easy to take for granted. But they can easily cause data leakage when people email them around willy nilly.

PCI Compliance over wireless--CIO Insight suggests you go beyond the PCI-DSS in this area. The risks are that great.

Related Articles:
Information security: Good idea, bad practices
PCI DSS in the cloud, coming soon?
iPad enterprise security issues can be overcome
Security holes in mobile bank apps