Survey finds database security lacking

IT decision makers labour under misconception that sensitive data is secure, but levels of database security and regulatory compliance tell a different story.

A survey released today claims IT decision makers are fooling themselves that their organisation's sensitive data is secure.

Nearly 84 per cent of 179 IT decision makers in large (1,000 employees or more), global enterprises believe that all or most of their confidential data is protected.

But the database security controls research report produced by database security vendor Application Security, in conjunction with analyst firm Enterprise Strategy Group, said this perception around data security was disconnected from reality.

This is because the same respondents noted they failed major enterprise-wide and industry-specific security audits more than 33 per cent of the time, including those to become compliant with the likes of Sarbanes-Oxley (SOX), Basel II and Payment Card Industry Data Security Standards (PCI DSS).


When questioned about where most of their organisational data resided, just over 55 per cent stated that customer and employee information was housed on databases as opposed to file servers, desktops or email systems.

But 63 per cent of respondents claimed that their organisation's database security depended upon manual processes alone, meaning they're always one step behind attackers, according to Tom Bain, Application Security's director of communications.

"Businesses are being reactionary in their attitudes to data security and not mapping security and compliance requirements closely enough onto their business goals," he said.

"Those automating key processes around database access and privileged activity monitoring are already ahead of the game, especially when criminals will target confidential data more in this global economic downturn."

A reliance on manual controls belied the fact that nearly 75 per cent of those surveyed also believed the number of database-focused attacks would increase in 2009, with the majority of respondents stating that insider threats are the most likely.

"These are global enterprises with massive IT organisations and thousands of database applications. All it takes is one insecure application or one unpatched server for a breach," added Bain, in response to the research finding that over 60 per cent of those surveyed admitted they had suffered at least one data breach in the past 12 months already.

Bain concluded: "The survey proves that it's not just about technology, but about taking pre-emptive action and making sure companies have the right people, policies and processes in place too."
