Have you purchased all of the right products for your network?  Do you have your firewall, switch, security server, SAN, WAP, and Two-Factor authentication device?  Great then aren’t you all set for security? Truth is you have a lot of stuff and that is it.  Without developing policies and procedures on how information should be handled and what is and is not allowed you don’t really have much of anything.

Let’s say you have a Web Blocker installed to stop traffic, but you never monitor what is being done on the allowed sites.

Let’s say you have an email security and DLP device, but rules around what should be stopped are never created or tested.

Let’s say you have a state of the art SAN configured, but the security was never applied to those sensitive folders.

The actual purchases of the products are only the beginning.  Now here comes the configuration and policy development.  Make sure your IT staff has a deep understanding of what they need to do and they are trained and thoroughly understand the devices.