There needs to be a separation between corporate and general-use networks. Many organizations have different levels of use on their networks: programmers, manufacturing, and administration, or, in the case of the education environment, faculty, staff, and students. These different environments need to be treated differently. There should be segmentation between them, and the assets on them should be managed accordingly.
This is not to say that different organizational divisions should not have shared resources or that there are not times when datasets cross boundaries, but when a network lacks appropriate segmentation it becomes difficult to put proper security safeguards in place. The lines also blur between what is what in the corporate space. Tools such as DLP become difficult to implement, and harder still, cultural boundaries become b
With the federal government entering into the space of breach laws, can organizations still play around with security practices? What is the standard acceptable best practice for security in an organization of any size, and where is the burden placed as businesses and non-profits move more of their infrastructure into the cloud? These are all questions that we as security professionals need to be asking.
I have been doing information assurance and security work for many years with a focus on network security monitoring and incident handling. I have been working in IT for more than fifteen years with a focus on architecture and systems.