Here's an area in need of great process improvement: Many IT and data managers feel that there is a wide disconnect between the individuals charged with ensuring database security and their corporate management. While database professionals and managers are expected to oversee information security, many are not aware of the levels of corporate commitment.
What did come as a bit of a surprise is that the vast majority of respondents (73%) feel that most or all confidential data is adequately protected and more than half (56%) believe that it is unlikely that they will face a data breach, internal or external, within the next 12 months. Just 2% cite that the likelihood of an internal or external breach in the next year is "inevitable".
These are some of the findings from a new survey (registration required) I helped conduct and write as part of my work with Unisphere Research and the International Sybase Users Group (ISUG). The research, underwritten by Application Security, Inc. (AppSec), covered 216 companies.
When you look at the survey results as a whole, some of the data just doesn't add up. On one hand, users feel that they are doing an effective job in providing data security for their organizations, yet the data from some of the more pointed questions yield answers that are in direct conflict with that notion. This false sense of security could very well prove to be the most significant finding across this user group survey.
The findings reveal that the greatest challenges or risks to database security are thought to come from insiders, via human error or abused privileges, as opposed to external hacker activity. Significant to the study was the representation from financial services organizations, which accounted for nearly 25% of the total respondents in this survey.
According to the report, 56% of the non-financial services respondents feel that human error represents the greatest challenge or risk to database security, while 24% state that abuse of privileges is the greatest threat. Showing the heightened awareness of the insider threat in the financial services marketplace specifically, 77% are mostly concerned with human error and nearly half (48%) are kept awake at night at the thought of insider privilege misuse.
Among the respondents aware of a data breach that occurred over the past months, two-thirds (66%) indicate that it was a result of either human error or an insider attack.
Other alarming findings suggest that most organizations are still not leveraging automated technology to handle complex database security activities, which can lead to significant wasted time and a far greater chance of human error caused by the tedious task of managing manual processes.
The database activities consuming the most time (with more than 25% of user time dedicated to the activity), according to the report, are: database configuration and patch management (28%), database audit and threat management/database activity monitoring (18%), database user rights management (17%), database asset management (14%), database vulnerability management (13%) and database policy management (11%).
Article source: http://www.ebizq.net/blogs/soainaction/2011/05/data_security_a_highly_dysfunc.php