Database Security in the Dark

Wednesday, November 17, 2010 @ 03:11 PM gHale


A database is one of the most important entities any company owns, and a new study shows 20 percent of database administrators or managers fear their organizations will experience a major data breach over the coming months, but few are aware of the potential costs to their organizations.
Sensitive corporate data is open and vulnerable to tampering and theft because of a culture of complacency that hampers information security efforts, according to the survey.
Database administrators and managers in the study reveal they are working in the dark when it comes to overall information security, lacking effective organizational support, and tools to better identify and prevent potential problems.
PASS, the Professional Association for SQL Server, conducted the survey amongst its 761 members in September 2010. Application Security Inc. conducted the survey.
Key highlights from the report:
• While few organizations are cutting back on data security spending, there is great uncertainty as to the depth of organizational support. Database managers and professionals —the group most likely charged with data security—are largely unaware of the scope of budget support, suggesting a disconnect between corporate management and technology teams about data security priorities.
• One in five respondents fear their organizations will experience a major data breach over the coming months, but few are aware of the potential costs to their organizations. Among those respondents that are aware of where data security breaches have occurred, they cite a pattern of inside abuse and errors.
• While there is a considerable amount of personally identifiable information present at respondents’ sites, many respondents report there are few controls to protect the data. In many instances, multiple copies of this data—including live production data—is frequently sent offsite.
• These days, data security is far more than just a technical issue. A majority of respondents say their organizations feel the affect of government and state mandates that require more judicious data management practices. However, respondents report they don’t have or aren’t aware if security audits are in place to meet more rigorous standards.
• There is little monitoring for security issues going on, and few respondents report they are adopting security patches as they become available.
Respondents to the survey have a variety of job roles and represent a wide range of company types and sizes. The largest segment of respondents has the title of database administrator, followed by IT managers and developers. About one-quarter come from larger organizations with more than 5,000 employees, and another one-quarter from smaller companies with fewer than 100 employees.



Leave a Reply

You must be logged in to post a comment.