I come across this barrier all the time. Basically, you have to "sell" upper management on information security in general. To do this, you need to understand the psychology of "sell." This is not focusing on fear, uncertainty and doubt, but rather an understanding that the management has three options: buy into your recommendation; buy into another recommendation; or not buy in at all. Unfortunately, too many managers are not buying in at all, usually because the people that are pushing security are not adequately prepared or presenting their case in the right context.
Present ideas casually at first. For example, mention potential risks or highlight prospective tools on an informal basis -- this can help managers buy into ideas later on.
Listen to the Storage Security FAQ audiocast here.
Go to the beginning of the Storage Security FAQ Guide.