New ISUG Data Security Study Finds Troubling Disconnects in Awareness and Best Practices

There's a wide disconnect between the individuals charged with ensuring database security and those in corporate management at those organizations. And while database professionals and managers are charged with overseeing information security, many are actually not aware of the level of corporate commitment.

This is a key finding from the "2011 ISUG Report on Data Security Management Challenges," based on research conducted among ISUG members by Unisphere Research, a division of Information Today, Inc., and sponsored by Application Security, Inc. The study drew responses from 216 data managers and professionals, and the full 37-page research report is being offered as an ISUG member benefit.

More than one-quarter of respondents to the survey came from very large organizations with more than 10,000 employees, but there were also a significant number of small to medium businesses represented as well. The largest industry segment of respondents, 24%, came from financial services firms, while 15% represented software or application firms, and 13% represented systems integrators or consultants.

Despite reports of data breaches involving personally identifiable information such as Social Security and credit card numbers becoming almost commonplace in the news, and the awareness that this information is often exposed not as a result of outside hacking but rather a failure to take precautions internally, only a minority of companies participating in the survey say they have adopted the best practices required to help ensure that data is protected, or are regularly monitoring and auditing for security breaches.

A majority of respondents admit that there are multiple copies of their production data, but many do not have direct control over the security of this information. Only one out of five respondents can say that their organizations take proactive measures to mask or shield this data from prying eyes.

Adding to data security complexity, a majority of respondents indicated that they run highly diverse data centers with other databases along with Sybase ASE included in their mix. And, many also have sizable data stores, with one out of 10 respondents saying their data tops the 10-terabyte mark.

To access the report, visit the ISUG website and log in with your user name and password.