IOUG Data Security 2009 Report Published Today
By Roxana Bradescu on Sep 30, 2009
The Independent Oracle Users Group (IOUG) today released its second annual database security study, "IOUG Data Security 2009: Budget Pressures Lead to Increased Risks". The study conducted by Unisphere Research and sponsored by Oracle surveyed 316 members of the IOUG who oversee complex and multiple database sites, many with large volumes of data. Forty-two percent of those surveyed manage greater than 100 databases, and 20 percent manage in excess of 500 databases. The study found that companies made little headway in securing data over the past year. The economic downturn kept many companies from making necessary investments in security, while at the same time increases in outsourcing and off-shoring actually increased risks to enterprise data.
Among the key findings:
• There has been a 50 percent increase in data breaches since last year and growing wariness of the potential for data security problems. However, the uncertain economic climate over the past year has put a damper on the availability of funding and staff time to address these issues.
There is pressure to do more with less and unfortunately in many cases less is actually being done. Only 28 percent of respondents reported receiving additional funding for their data security budgets - down a third from a year ago.
• Managers see internal threats - such as access by unauthorized users - as more pressing than external hackers or viruses. Potential abuse of access privileges by IT staff also ranked highly as a perceived security risk and regulatory compliance issue.
Most organizations still do not have mechanisms in place to prevent database administrators and other privileged database users from reading or tampering with sensitive information in financial, HR, or other business applications. Most are still unable to even detect such breaches or incidents.
• Outsourcing of database administration, development and testing functions has increased by up to 40 percent over the past year. More outsourcing and off-shoring without adequate security has also resulted in organizations unintentionally exposing data to additional risks.
• Close to half of organizations employ actual production data within non-production environments, thereby exposing this information in unsecured settings. To make matters worse, there has been a decline in companies "de-identifying" such sensitive data. A third even ship live un-encrypted production data offsite.
• Overall, corporate management is still complacent about data security. One out of four cited lack of management commitment and lax procedures. Efforts to address data security are still ad hoc and manual. Organizations are not addressing database security as part of overall database security strategy and making the most of limited budgets.
You can download the full report here and join us for a complementary live webcast on October 06, 2009 at 1:00 pm PDT, 4:00 pm EDT hosted by the IOUG to discuss the survey findings and cost-effective solutions to mitigate risks to enterprise data and Oracle databases.
Register now and receive the special white paper "Investing in Database Security Pays Off" when you attend the webcast. This whitepaper includes exclusive survey results that quantify the costs of "data insecurity" and solutions organizations can deploy today to reduce the cost of securing their data and achieving regulatory compliance.