You need to know who IS accessing resources, and if they don’t have the proper credentials, you need to be notified immediately to take further preventive action. You need to know your rights, liabilities (SLA) for any application or service acquired and that they conform to your risk management practices. Effective governance is the ability to have a centralized map of all these information roads and create certain controlled access points, road blocks (encryption), privileged private lanes/public highways…in short, governance is about accountability.