The Security Risk Within

If you've been following news reports about the ongoing WikiLeaks saga, you've no doubt noticed that it is a trusted insider, an army intelligence analyst, who is believed to be responsible for downloading the sensitive documents and handing them over to WikiLeaks.

Too often it seems, threats to data security from far outside the firewall are overemphasized, while risks that exist due to routine practices such as the shipment of live production data to development teams and outside parties, or insufficient monitoring of data access by insiders may actually be more likely to cause an organization problems.

New research shows that data security efforts are recovering from the recent economic downturn, and budgets are on the upswing. However, while companies continue to place a high priority on security, according to a survey of 430 members of the Independent Oracle Users Group (IOUG), conducted by Unisphere Research, many are not taking proactive steps to address the most likely sources of security breaches-internal administrators and privileged super-users. The survey finds that 43% of companies have increased their IT security-related spending, up from 28% in last year's survey and 41% in the 2008 survey. Only 9% say spending has actually decreased.

Close to one out of three respondents to the IOUG survey, sponsored by Oracle, say it is highly likely that a data security breach could occur within their organizations over the next 12 months. It may only be a matter of time before organizations or their customers are victimized by a serious security breach, which doesn't have to come from a hacker in Eastern Europe, but could be caused by a trusted employee within the enterprise or an outside partner. "We plan to encrypt backups soon-it just hasn't happened yet," one respondent relates. "I suspect that Social Security numbers will soon have to be encrypted in the database, but so far management has not put a priority on that issue. Our greatest risk is probably that of a rogue employee running amok. We'd know about it soon enough, but it might be too late to avoid serious damage."

Read more in Joe McKendrick's Research@DBTA article in the December E-Edition of DBTA.

To stay on top of all the trends, subscribe to Database Trends and Applications magazine.