Before the onslaught of today's security-related mandates most companies were already struggling to deal with their own internal mandates for security and control of their IT infrastructure. Now even small companies with a tightly-focused business scope are impacted by multiple security mandates from within the organization, as well as from government, regulatory and industry requirements. Faced with the multiple mandates and looming deadlines it's easy to take a reactive, point-in-time oriented approach.