Regulatory requirements and increasing consumer concerns about information security breaches are making data-level security controls a top priority for 2007, according to IT managers at the Computer Security Institute trade show held here this week. After years of implementing technologies such as firewalls and intrusion-detection systems to keep network perimeters safe, companies now must move similar controls down to the data level, they said. Nonpublic information of all sorts needs to be protected, whether it is at rest or in transit, and that requires an increasing focus on measures such as data classification and encryption, stronger user access and authentication and usage monitoring and auditing, John Ceraolo, director of information security at JM Family Enterprises Inc, said.