A modest proposal
If your team is asked to meet more than a handful or two of distinct security requirements across your enterprise, in all likelihood they are not doing a bang-up job of meeting those requirements. If the different clients and applications share the same physical network, it's highly likely that some of the security boundaries are being mixed up and crossed. Who can blame the IT staff? They were given a nearly impossible job. Every additional set of security requirements increases the workload proportionally, if not exponentially. Every additional set of requirements means more configuring, more monitoring, more of everything -- except real security, of course.
The only way to improve the situation is to collapse the many security domains into a smaller set of broader "security bands" that meet the common requirements, and then classify every security requirement into one of those bands.
For a simple example, suppose different clients and applications have different storage archive requirements. Client A says you must save all e-mails for seven years. Client B says e-mails containing company information must be saved for five years. Client C wants executive e-mails saved for seven years and all other company e-mails saved for three years. Client D wants all e-mails saved forever. Client E says all e-mails must be dumped after one year. All other clients, numbering in the dozens, have not yet defined an e-mail archive policy.
How many security bands do you make? Make two, maybe three at the most. Hard drive space is cheap. The biggest expense of any e-mail archive solution is the initial purchase. Cut out most of the different security requirements by making one big security band that keeps all e-mails forever. If you're not required to purge, don't. By keeping all e-mails, you meet the security requirements of all clients except Client E, who must be handled differently. You could even create a third category of e-mail archiving where you save e-mails for seven years and then delete, thus saving some money and hard drive space.
Me, I'd keep it to two and just tell management the cost of doing so. It might mean charging clients for the additional storage and archival costs, and it will surely mean longer retrieval times when e-mails are requested. But by reducing the number of security requirements from five or more to just two, you've increased your ability to manage them efficiently and effectively. And that means decreased security risk.
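The banding exercise above can be made mechanical. The following is an added example, not part of the original column: each client's archive policy is modelled as an interval of acceptable retention periods, and the fewest bands that satisfy every client are found by the greedy interval-stabbing rule (sort by upper bound, place a band at the tightest upper bound not yet covered). The client names and numbers are constructed from the scenario in the text; `FOREVER` and the function names are this example's own.

```python
# Added example: find the minimum set of e-mail retention "bands" that satisfy
# every client's archive requirement. A requirement is an interval
# (min_years, max_years) of acceptable retention periods; a band is a single
# retention period and satisfies a client if it lies inside that interval.
import math

FOREVER = math.inf  # "keep forever" / no upper bound on retention

# Constructed from the article's scenario; client names are placeholders.
REQUIREMENTS = {
    "Client A (all mail 7 years)":       (7, FOREVER),
    "Client B (company mail 5 years)":   (5, FOREVER),
    "Client C (executive mail 7 years)": (7, FOREVER),
    "Client C (other mail 3 years)":     (3, FOREVER),
    "Client D (keep forever)":           (FOREVER, FOREVER),
    "Client E (dump after 1 year)":      (1, 1),   # must purge: hard upper bound
    "Undefined policy":                  (0, FOREVER),
}

def minimal_bands(requirements):
    """Fewest retention periods such that every (lo, hi) interval contains one.

    Greedy interval stabbing: visit intervals in order of upper bound; if no
    chosen band already falls inside the interval, add a band at its upper
    bound, which also covers every later interval containing that point.
    """
    bands = []
    for lo, hi in sorted(requirements.values(), key=lambda r: r[1]):
        if not any(lo <= b <= hi for b in bands):
            bands.append(hi)
    return bands

def assign(requirements, bands):
    """Map each client to the longest band that satisfies it (keep, don't purge)."""
    return {name: max(b for b in bands if lo <= b <= hi)
            for name, (lo, hi) in requirements.items()}

def unsatisfied(requirements, bands):
    """Clients that no band in a hand-picked band set satisfies."""
    return [name for name, (lo, hi) in requirements.items()
            if not any(lo <= b <= hi for b in bands)]

if __name__ == "__main__":
    bands = minimal_bands(REQUIREMENTS)
    print("bands:", bands)  # two bands: purge after 1 year, keep forever
    for client, band in assign(REQUIREMENTS, bands).items():
        print(f"  {client:36s} -> {band}")
    # A 7-years-then-delete band is sound but cannot replace "forever":
    print("unsatisfied by [1, 7]:", unsatisfied(REQUIREMENTS, [1, 7]))
```

Swapping in a different client list shows the same rule at work: any set of "keep at least N" policies collapses into the forever band, and only policies with a hard purge deadline force an extra band.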