I think Data Security is an obvious winner -- because it's a risk. But my experience is that teams are generally thinking closely about the security of their own data. But I think what is missed is the services in the environment that may be shared between different teams. Things like virtual firewalls, or gateways that everyone assumes "someone else" is looking after. Layer into that the use (or abuse) of service accounts, and then the vector for your data breach becomes your shared resources. We leverage CloudHealth to manage our costs, and use tagging to ensure that all assets/resources are assigned to an owner. That owner is then responsible for ensuring the security/patching of that asset/resource. It's not perfect, but it's a good start.