Figure 1: Greatest Threats to Data Security
(Respondents indicating a high to medium risk)
Internal hackers or unauthorized users 63%
Malicious code/ viruses 49%
Abuse of privileges by IT staff 48%
Outside hackers 44%
Unprotected web applications 44%
Lack of management commitment/lax procedures 41%
Organizations are committing more resources to network protection than anywhere else, but the most serious damage is likely to occur at the database layer. While close to two-thirds of respondents say the bulk of their resources go to protecting against network intrusions, about 54% say an attack of the database layer would cause the greatest potential damage. An additional risk factor is the high number of data copies now proliferating across enterprises. Close to half of the respondents, 46%, indicate that they have three or more copies of production data across and outside their enterprises—including offsite backups and third-party storage sites.
Figure 2: Number of Copies of Production Data
One copy outside our production database 19%
Two copies 23%
Three copies 24%
Four copies 7%
Five or more copies 15%
Don’t know/unsure 12%
Half of respondents also admit they are still using live production data in settings outside the data center. In addition, despite any heightened sense of data security exhibited in recent years, there actually has been a surge in the shipping of live production data off-site since the first time this question was asked in 2008.
Figure 3: Copies of Live Enterprise Production Data Used Outside Data Centers
More enterprises are taking measures to prevent insider abuse, but only one-third fully have solutions and strategies in place, the survey also finds. The survey also indicates that preventive measures (i.e., encryption, masking/redacting, access controls) are still lacking—as they have been since the first survey in this series was conducted in 2008. However, there are glimmers of progress and greater awareness on some fronts. For example, 70% of respondents claim they know of all databases that contain sensitive and regulated data—a level that has increased from 52% in 2010.
About 70% of respondents encrypt data at rest on at least some databases to ensure personally identifiable information is protected. However, a much lower percentage, 20%, ensure that they have blanket coverage for all the databases in their organization.
Image courtesy of Shutterstock