Insider threats are as much about people and process as about technology. Insiders with trusted access can operate in relative silence to inflict damage, and too often the activity of malicious internal users looks normal to systems monitoring for anomalies. The difficulty of knowing where sensitive data resides and how it is used in a complex environment remains a central challenge.