Enterprises ignoring database security

By Clement James on Jun 6, 2007 12:44 PM
Filed under Security

Database managers caught between a rock and a hard place, says report.

Almost half of large enterprises are ignoring key database security issues, research released today has claimed.

The allegations were made by database security provider Application Security Inc in a survey by privacy management consultant the Ponemon Institute.

The report highlights an "organisational disconnect" between the realisation of security threats and the process of addressing those threats.

Large enterprises are juggling ways to protect data from misuse by external and internal forces, while expanding access to the same data to drive business initiatives.

The Ponemon Institute surveyed 649 users in corporate IT departments worldwide with more than seven years' experience in the information security field.

More than 60 per cent of the respondents work within corporate chief information officer or chief technology officer departments.

Forty per cent of respondents said that their organisations do not monitor their databases for suspicious activity, or do not know whether such monitoring occurs.

Notably, more than half of these organisations have 500 or more databases, and the number is growing.

Trusted insiders' ability to compromise critical data was cited as the most serious concern. Some 57 per cent believe that their company has inadequate protection against malicious insiders, and 55 per cent for data loss by internal entities.

Around 78 per cent believe that databases are either 'critical' or 'important' to their business, and that customer data represents the most common data type contained within these databases.

Furthermore, customer/consumer and employee data ranks third and fourth respectively in regard to organisations' prioritisation of what must be protected.

"Data can be monetised quickly and the bad guys know it," said Larry Ponemon, chairman and founder of the Ponemon Institute.

"Organisations that fail to protect their data effectively are proving easy targets, often left to contend with considerable damage to their reputations and financial results."

Toby Weiss, president and chief executive at Application Security Inc, added: "Unless organisations directly protect their databases, everything else they are doing for data security is on shaky ground."