Did you see my session at Symantec Vision 2012? If not, you missed my talk about how you need your very own Robocop to protect services, applications and storage that accept and distribute files.
His prime directives align very well with how you should approach your service and infrastructure security:
1. Serve the public trust - Your users will TRUST your service. They'll ignore warnings and common sense because YOU are giving them access to something.
2. Protect the innocent - Your users are unlikely to be as security-aware as you are; they may not understand the risks, and they certainly shouldn't be trusted to protect themselves :)
3. Uphold the law - You need to be able to set and enforce policies and you need to do this at your...