There is a trend toward “cloud computing” in which a client's services are hosted by a third party's network of computers, storage devices, etc. Cloud computing reduces the capital expenditure requirements by the client to buy computers, routers, storage devices, and the like. Instead, the client relies on the third party's hardware and software infrastructure. One of the issues, however, that should be addressed is security as the client does not own and control the hardware and software on which its services and data are hosted. Aside from cloud computing environments, security of even client-controlled networks and the data and services hosted thereon is an issue. In both cases security in driven by policy, specifically security policy, the scope of which is based on two fundamental tenants. The first tenant is that security policy is only relevant to the extent reached by the IT infrastructure that implements the policy; security policy cannot be applied beyond the means to control it. The second tenant, the degree of implementation fidelity, is determined by technology capability and the amount of acceptable risk determined by management. These two basic tenants respectively reflect the constraints that exist in collaboration across the enterprise, with vendors and clients, and the cost vs. risk balance of security technology deployment and maintenance. Unfortunately the security model that exists today, one that industry and the enterprise is familiar with, is significantly compromised; the changing landscape of information technologies, IT infrastructure topologies, and business needs have made it so.