New Oracle-Sponsored Study Highlights the Need for More Vigilant Enterprise Database Security
81 percent see privilege abuse and human error as the greatest risks to enterprise data, but lack the necessary security controls and safeguards
Redwood Shores, Calif. – November 11, 2014
Data breaches cost organizations millions, damage their reputation, and result in lost customers and business opportunities. A new survey of 353 Independent Oracle Users Group (IOUG) database and IT professionals examines the state of enterprise database security, where the biggest risks lie, and how organizations can improve upon their security strategies.
The survey, conducted by Unisphere Research and sponsored by Oracle, polled 353 IOUG database security managers, database administrators, and directors or managers of IT in companies spanning various industries including IT services, government, education, utilities, transportation, and financial services.
Although the survey results show that organizations have a high commitment to enterprise security, they also spotlight how ill-prepared most organizations are for both internal and external threats.
Overall, the survey results indicate that organizations have weak preventive, detective, and administrative security controls, including limited internal controls on privileged users, lack of knowledge of where sensitive data resides, and inadequate monitoring of privileged-user activities.
While 58 percent of respondents noted that databases were the most vulnerable part of their IT environment, the majority invested in securing areas of less risk such as the network, servers, and desktops.
More than three-fourths (81 percent) of respondents see human error as the greatest risk to enterprise data, followed by a fear of inside attacks (65 percent). Other concerns included access privilege abuse from IT staff (54 percent) and malicious code and viruses in their systems (53 percent).
Despite these human risks, many respondents indicated they have relatively few safeguards in place against accidental or intentional staff abuse. Alarmingly, almost 40 percent of those surveyed admitted to not knowing which databases had sensitive or regulated information and 71 percent lacked safeguards or were unsure if any were in place to combat accidental harm to databases and applications. Today’s complex data environments may be affecting respondents’ abilities to implement comprehensive data protection efforts.
Only 18 percent of respondents encrypt data at rest on all their databases. Further, only 46 percent of the respondents were redacting sensitive application data, leaving the rest open to casual users of those applications.
Despite the well-understood risks of proliferating production data to non-production environments, 45 percent of respondents use copies of production data for test and development and 41 percent of them have three or more copies of production data.
“We are in the age of mega-breaches—where breaches in the millions are becoming commonplace. For most organizations, it’s no longer a matter of ‘if’ an attack will occur, but ‘when,’” said Vipin Samar, vice president of database security, Oracle. “This survey highlights that many enterprises lack proper database security controls, and under the current heightened threat environment, they simply cannot afford to wait. It’s more important than ever for organizations to have actionable data security strategies in place to properly manage sensitive customer and organizational data.”
“This survey is a powerful tool for both learning and educating, putting a fine point on the key security issues that keep superhero DBAs and their management awake at night. Exercising extreme data security diligence and data breach readiness is no longer an optional concern but rather a cost of doing business,” said John Matelski, President of the IOUG. “The survey highlights the insight and breadth the IOUG community of professionals contributes to the marketplace across sectors, professions, and geography.”
Oracle engineers hardware and software to work together in the cloud and in your data center. For more information about Oracle (NYSE:ORCL), visit www.oracle.com.