The world of enterprise data needs a hero with superpowers to help guard information from the risks stemming from cybercriminals outside an organization as well as adversarial – or simply careless – insiders with trusted status. According to a new report produced by Unisphere Research and sponsored by Oracle, that individual already exists – the DBA.
Based on a survey of 353 IOUG data managers and professionals, the new IOUG report, “DBA-Security Superhero, 2014 IOUG Enterprise Data Security Survey,” makes the case that database security has risen to a top business challenge and now is the time for DBAs and security professionals to join forces to enforce data privacy, protect against insider threats, and address regulatory compliance requirements. No other type of professional is better positioned to address data security issues than data professionals.
IT and data managers can play a pivotal role in enterprise security since they can provide information to their businesses on where the primary threats are, and how to reduce or eliminate them.
According to the survey report authored by Unisphere analyst Joe McKendrick, more respondents believe a data breach is inevitable than believed so when the first study of this type was first conducted in 2008. In 2008, 20% of respondents predicted a breach to be likely while in 2014, that percentage rose to 34%.
The survey found that human error continues to be perceived as the greatest threat to enterprise data (81%) up from last year (71%). This was followed by a fear of insider hacks (65%) up from last year (63%), and 2010 (57%).
Other areas of perceived risk include abuse of access privileges by IT staff (54%) up from last year (48%).
While there is concern about the data risk presented by outside hackers, the study notes that insider threats remain the greatest problem, pointing out for example that although the well-known Target breach of 2013, was successful due to an outside hacking group, it has been speculated that a trusted contractor may have unintentionally enabled the opportunity.
As far as which parts of an enterprise system are most vulnerable to security hits, respondents to the survey believe it is databases, with 58% saying this is where the greatest precautions need to be taken, followed by the network, then server and storage infrastructure. However, these risk areas are not funded according to greatest perceived risk, since most companies allocate the highest t level of resources to networks, followed by servers, and then databases, and a majority also say a large amount of resources go to locking down desktops- although they are not seen as posing a great risk to data security.
The report notes that as stewards of sensitive customer and organizational data, it is the database group that must step forward to educate the business on what can be done to protect critical data, and that an opportunity is emerging for DBAs and security professionals to lead the enterprise to action.
The executive summary of the survey report is publicly available, and the full survey report is available to IOUG members from the IOUG website.