The latest IOUG study on database security finds that there are measures that need to be taken to safeguard data from internal abuse; however, preventing privileged users from negligence or malfeasance is a serious challenge. According to this year’s study, human error has beat out internal hackers or unauthorized users as the biggest security risk. In addition, more than half of respondents say their organizations still do not have, or are unaware of, data security plans to help address contingencies as they arise. These enterprise data security challenges, and more, are highlighted in the survey of 350 data managers and professionals. Underwritten by Oracle Corporation and conducted by Unisphere Research, a division of Information Today, Inc., it covered progress within three key areas of database security - prevention, detection, and administration.
The full research report, authored by Joe McKendrick and titled “Closing the Security Gap: 2012 IOUG Enterprise Data Security Survey,” is available now.
Exacerbating data security challenges, according to the survey, many organizations are managing more than a petabyte of data, which gets copied and proliferated for development, testing and backup. And though data centers have safeguards and best practices in place to protect data, there are no guarantees of whether other departments, business partners, or outsourced environments have the same rules and protocols.
Increasing the risk of data breaches is the fact that many organizations have multiple copies of sensitive, unencrypted production data moving both within and outside their enterprise, increasing the risk of data breaches. Less than a third of respondents encrypt all sensitive data on disk or in motion. More than three-fifths of respondents send actual copies of enterprise production data to other sites inside and outside the enterprise.
According to the study, a majority of respondents actively collect native database audits, but there has not been a significant increase in the use of automated tools for comprehensive auditing and reporting across all databases in the enterprise. In addition, this monitoring is sporadic — most would not know if their data had been breached or corrupted by an insider.