If you are corporate, and worried about this, then the "smart" thing to do is outsource it to someone else - let them take the risk so that you have someone to blame when (not "if") it happens. You see this type of behavior all the time in the corporate world.
Biting the hand that feeds IT
