Database Security Needs More Vigilance

Privilege abuse and human error are among the greatest risks to enterprise data, but few companies have the necessary security safeguards.
Published: Mon 05 Jan 2015

Cyber security is frequently written about on Engerati, generally in the context of external threats. But a recent survey from Oracle has shown that internal threats may be no less significant.

Out of 353 companies surveyed, more than three-quarters saw human error as the greatest risk to enterprise data, followed by a fear of inside attacks cited by two-thirds. Malicious code and viruses in their systems, cited by just over half, ranked alongside the concern of access privilege abuse from IT staff.

Enterprise data security

Data breaches cost organizations millions, damage their reputation, and result in lost customers and business opportunities.

However, the survey found that relatively few safeguards are in place against accidental or intentional staff abuse. Alarmingly, almost 40% of those surveyed admitted to not knowing which databases had sensitive or regulated information, and almost three-quarters lacked safeguards or were unsure if any were in place to combat accidental harm to databases and applications.

Only 18% of the respondents encrypt data at rest on all their databases, while fewer than half redact sensitive application data, leaving the rest open to casual users of those applications.

Further, despite the well-understood risks of proliferating production data to non-production environments, almost half of the respondents use copies of production data for test and development, with most of these having three or more copies of production data.

“We are in the age of mega-breaches – where breaches in the millions are becoming commonplace. For most organizations, it’s no longer a matter of ‘if’ an attack will occur, but ‘when,’” said Vipin Samar, vice president of database security at Oracle. “This survey highlights that many enterprises lack proper database security controls, and under the current heightened threat environment, they simply cannot afford to wait. It’s more important than ever for organizations to have actionable data security strategies in place to properly manage sensitive customer and organizational data.”

Security Superhero

The ‘Security Superhero’ survey was conducted among database security managers, database administrators and directors or managers of IT in companies spanning various industries including IT services, government, education, utilities, transportation and financial services.

Notably, almost 60% of the respondents said that databases were the most vulnerable part of their IT environment, but the majority were investing in securing areas of less risk such as the network, servers, and desktops.

6% of the companies surveyed had a data breach in the past year while 23% didn’t know or were unsure if they had one. However, a third of the companies believe a data breach is likely over the next 12 months.

Further reading

Oracle: DBA – Security Superhero: 2014 IOUG Enterprise Data Security Survey

Engerati: Data security in smart grid - why design for security is an absolute must