The Escalating Stakes of Data Security

<< back Page 2 of 2

Figure 1: Greatest Threats to Data Security
(Respondents indicating a high to medium risk)
Internal hackers or unauthorized users    63%
Malicious code/ viruses    49% 
Abuse of privileges by IT staff    48%
Outside hackers    44%
Unprotected web applications    44% 
Lack of management commitment/lax procedures    41%

Organizations are committing more resources to network protection than anywhere else, but the most serious damage is likely to occur at the database layer. While close to two-thirds of respondents say the bulk of their resources go to protecting against network intrusions, about 54% say an attack of the database layer would cause the greatest potential damage. An additional risk factor is the high number of data copies now proliferating across enterprises. Close to half of the respondents, 46%, indicate that they have three or more copies of production data across and outside their enterprises—including offsite backups and third-party storage sites.

Figure 2: Number of Copies of Production Data
One copy outside our production database    19% 
Two copies    23%
Three copies    24%
Four copies    7%
Five or more copies    15%
Don’t know/unsure    12%

Half of respondents also admit they are still using live production data in settings outside the data center. In addition, despite any heightened sense of data security exhibited in recent years, there actually has been a surge in the shipping of live production data off-site since the first time this question was asked in 2008. 

Figure 3: Copies of Live Enterprise Production Data Used Outside Data Centers
2008    43%
2010    37%
2011    42%
2012    55%
2013    50%

More enterprises are taking measures to prevent insider abuse, but only one-third fully have solutions and strategies in place, the survey also finds. The survey also indicates that preventive measures (i.e., encryption, masking/redacting, access controls) are still lacking—as they have been since the first survey in this series was conducted in 2008. However, there are glimmers of progress and greater awareness on some fronts. For example, 70% of respondents claim they know of all databases that contain sensitive and regulated data—a level that has increased from 52% in 2010.

About 70% of respondents encrypt data at rest on at least some databases to ensure personally identifiable information is protected. However, a much lower percentage, 20%, ensure that they have blanket coverage for all the databases in their organization.

Image courtesy of Shutterstock 

<< back Page 2 of 2

Related Articles

5 Key Steps to Ensuring Database Security

Posted March 11, 2014

These days, companies have more and more of their applications and data being accessed through mobile devices. To enable secure access to sensitive enterprise applications and data on mobile devices, Oracle rolled out the Oracle Mobile Security Suite, which, combined with Oracle's existing Identity and Access solutions, aims to deliver an integrated platform for managing access to all applications from a complete range of device types.

Posted February 26, 2014

In many ways, IT protection is like a game of poker. There are two things you need to win: a strong ability to play and the best hand you can get. With the former, a lot of it comes down to knowing what not to do.

Posted February 20, 2014

Cloud computing is no longer hype; it is the reality today for most organizations because of the numerous benefits that it brings. There are three main deployment models for cloud computing—private cloud, public cloud, and a hybrid mix of the two. Here is a look at the risks and disadvantages with each of the cloud deployment models.

Posted October 09, 2013