Ponemon Institute Releases Yearly Database Security Survey

Jul 24, 2007 4:01 PM

Technological advancements allow enterprises to be efficient and connected in ways that were not possible in the past. This increased connectivity provides many benefits, but has also left businesses increasingly vulnerable to threats from outsiders as well as entities within their organization. As a result of these challenges, enterprises wrestle with how to protect their intellectual property and prevent the remediation costs and damage to brand that can result from unintended exposure of customer and employee data.

Application Security Inc. and the Ponemon Institute have conducted an inaugural study on database security to document how business and government organizations secure database resources and respond to targeted threats. The survey queried 649 respondents in corporate information technology (IT) departments within United States and overseas-based business or governmental organizations.

The survey focused on four key issues:
What does the IT environment look like within organizations? Do size and complexity play a part in determining priorities?
How critical is the need to deploy database security measures to protect sensitive or confidential information?
How important is database security relative to other information security measures or practices?
What are the priorities that drive database security initiatives within business and governmental entities?

Key findings of this survey include:
* Trusted insiders remain a significant, and largely unmonitored risk
* A majority of organizations do not have the technology or processes required to effectively manage against insider threat
* Due to perceived business value, many large organizations assign lower priority to the protection of customer and employee data versus intellectual property
* The vast majority of data exposed in the past two years has been confidential customer and employee information
* Over 95 percent of respondents would value solutions that enabled them to understand and prioritize database security needs within their organization.

The survey found that "trusted" insiders' ability to compromise critical data is the most serious concern for respondent organizations. Despite this concern, 57 percent of those surveyed do not believe that their organizations have taken adequate measures to protect against malicious insiders and 55 percent do not believe that they have taken adequate measures to protect against "data loss."

The survey also found that despite being aware of these threats, inadequate protection of corporate databases is the norm rather than the exception. Forty percent of those surveyed do not have the mechanisms in place, or are unaware of whether databases are monitored for suspicious activity. This shortfall can be attributed to the massive scale of corporate data stores and the lack of IT resources.

Eighty-eight percent of those surveyed manage greater than one hundred databases and a majority of respondents manage in excess of 500 databases. Although organizations experience continued and rapid data growth, 54 percent of the IT organizations surveyed plan no or only slight staff increases in the coming year.

To read the entire survey, visit www.appsecinc.com/techdocs/whitepapers/2007-Ponemon-Database-Security-Study-Sponsored-by-Application-Security-Inc.pdf.

Want to use this article? Click here for options!
© 2012 Penton Media Inc.

This month in Access Control

• Targeting The Customer
• Electronic Pedigrees
• One Hero Among Many
• Who? What? When? Where? Why?
• More from September's issue