Organizational Issues Impede Database Security Efforts, New AppSecInc Security Survey Finds

Application Security, Inc. (AppSecInc), a provider of database security solutions for the enterprise, and Unisphere Research, today unveiled the findings from the "Data Security At An Inflection Point: 2011 Survey Of Best Practices And Challenges."  A detailed overview of the findings and the implications for enterprise organizations will be presented by Joe McKendrick, lead analyst for Unisphere Research, and Thom VanHorn, vice president, Global Marketing, AppSecInc, in a webinar on Tuesday, at Feb. 7, 11 am ET.

The survey polled 524 enterprise IT and data managers, and the results reveal that the greatest challenge to database security may actually come from organizational issues, rather than nefarious or accidental acts. In most cases, database security is overseen by both database and security teams, thereby yielding a disconnect in ownership responsibilities as well as a lack of consensus on top priorities. According to respondents, management - while showing increasing signs of threat awareness - continues to offer inadequate financial support.

"As the adversaries show growing boldness and escalate their database attacks, organizations must improve communications and quickly come to agreement on how to address database security policies and procedures," says AppSecInc's VanHorn. "This report, like others before it, provides strong evidence of the internal disconnect that continues to plague companies of all sizes. Until this issue is resolved, the escalation of database breaches will continue."

Significant to the study was that the vast majority of those surveyed (81%) indicated that data security risks posed to their organizations have increased over the past 3 years. Among those that feel there is a greater risk today, four in five acknowledged that the greater technical proficiency and overall boldness of outside hackers and other malicious third parties was the leading factor contributing to the growing challenges.

According to the survey results, a majority (51%) of respondents report that news of prominent attacks such as those by Anonymous and LulzSec has led to increased protection. Thirty-six percent of respondents increased audit frequency as a result of the more dangerous threat environment. 

Hacktivism generated additional security measures in 34% of the respondent companies due to increased concern among top management and board members. However, only 14% of companies in the survey reported additional funding for data security technologies and just 11% experienced additional staffing or consulting support. So, while there is increased management concern, it does not appear as if it has translated into additional support and commitment. As a result, DBAs and security pros are faced with the expectations of doing more with less.

"While it is evident from the survey's findings that awareness of the sophistication levels and threats of outside hackers has been heightened, enterprises continue to engage in lax database security," says McKendrick.  "Data security not only relies on good technology, but also effective and committed management. It remains unclear as to why management is unwilling to fully heed IT managers' warnings about impending threats to the business."

The six-part, 44-question survey explored and revealed information about the current state of database security across organizations of varying sizes across a wide range of industry groups.

For more information about Application Security, Inc., visit

Click here to register for the one-hour webinar on Tuesday, February 7, at 11 am ET.