When it comes to network security, the main focus is to of course protect your IT infrastructure. But if you had a choice, which is really important; the program or the data you have gathered?
At first glance it would have to be the data for sure. Software programs can be easily modified and replaced depending on the requirements of any organization. Database protection is important since without it, companies have no basis for analysis and comparison as far as actual performance and reference for clients stored in the database is concerned. If you had to rate both, it would be data first and software second.
There are other people who put premium on software of course. But this will depend on their contingency plan better known to most IT professionals as backed up or archived data. Normally this is so basic that you don’t need to remind anyone the need to have archived historical data in cases where system crashes or intrusions may occur. There will always be scheduled backups and archiving for any program using entity since these are valued and important as far as linking all transactions and tracing revenue.
But the actual safeguarding of these two IT elements is how you expose it. There are usually policies governing the actual level of exposure such as net presence or the use of external storage devices like CDs and floppy disks. Normally, these are discouraged but knowing people who are hard headed today, some of them still ignore these policies and even get away with it.