2010 IOUG Data Security Study Finds Awareness of Internal Threats but Little Being Done to Mitigate Threats

Data security is a key concern for all organizations today, and companies understand that there can be severe repercussions to ignoring or undervaluing information security.

Yet, among the troubling findings uncovered in a new survey by the Independent Oracle Users Group (IOUG), many organizations do not have a means to prevent privileged database users from reading or tampering with data in their databases. The survey was conducted in May 2010 by Unisphere Research, a division of Information Today, Inc., and was sponsored by Oracle Corporation. Prior to this survey, a study of the IOUG members' information security practices was first conducted by Unisphere Research in 2008, and then again in 2009.

According to the survey of 430 IOUG members, two-thirds of respondents admitted that they could not actually detect abuses, or prove that DBAs and other privileged users were not abusing their privileges.

However, DBAs and other IT professionals aren't the only people that can compromise data from the inside. An end user with common desktop tools can also gain unauthorized direct access to sensitive data in the databases. Close to half of the respondents say this could happen in their organizations, or that they don't know if it could.

Although funding for IT security is improving, most IT security programs fail to address the threats to databases, the survey found. While half of respondents would consider their company's level of commitment to be "high," close to one out of six - 17% - represent their company's commitment to database security as low, or simply aren't aware of a commitment. Another one-third of respondents rank IT security as a lukewarm "medium."

Overall, two-thirds of respondents indicated they either expect a data security incident at their organization that they will have to deal with in the next 12 months, or simply don't know what to expect.

The executive summary of this study is publicly available from the IOUG, and IOUG members can log in to access the full report.

To stay on top of the latest trends, subscribe to Database Trends and Applications.