|
|
A recent survey of 316 members of the Independent Oracle Users Group paints a troubling picture of database security. As it turns out, respondents this year have taken a number of steps back when it comes to protecting sensitive data, even as a higher percentage reported experiencing data breaches. The key issues—failure to manage privileged access, a lack of encryption and an over-reliance on manual or ad hoc approaches to database security.
Overall, the level of security has slipped when compared with last years survey. Whether its due to not enough being spent on security or policy enforcement, the survey shows IT professionals have their work cut out for them.
|
|
|
|
- Database Security Shortcomings Raise Red Flags
by Brian Prince - Data Breaches Galore
Roughly the same percentage of people in the 2009 survey declared a data breach was either "inevitable" or "somewhat likely" as they did a year ago. However, the report also found that 9 percent had experienced a data breach over the past year—a slight increase from 2008, when it was 6 percent. - Database Security Priorities
The survey only found a slight change in database securitys rank next to other IT security priorities. But the drop-off here is also taking place in the context of a slowdown in security spending. Thirteen percent said their security budget decreased, as compared with 4 percent in 2008, and even though 28 percent reported a spike in their security spending, that compared with 41 percent last year. - Secure Configurations for the Database
Some 25 percent said all their databases were securely configured, which was a drop-off of 3 percent from last year. While 40 percent said "most" of their databases were configured securely, it should also be noted that the percentage of people who said they were not sure where all their sensitive data is located jumped by 8 percent. - Securing Super Users
Even as data breaches such as the one that occurred at LendingTree underscore the dangers of the insider threat, the survey shows that many organizations have not made much progress in safeguarding against abuses by privilege users. - Users Bypassing Applications and Accessing Application Data
More than a third of users can access application data in the database using ad hoc tools. - Outsourcing and Security
There has been a slight increase in outsourcing of database administration, most likely in response to the economy. However, the percentage of unencrypted databases being sent offsite crept up as well. - Encryption Not Being Deployed
More than 40 percent said they do not encrypt their online and offline database backups and exports. About a third said they did some limited encryption of the data. - Native Database Auditing Used to Monitor Database Activity
The figures here are roughly the same as in 2008. However, just 42 percent said they would be able to detect an unauthorized configuration change on most of their databases. That compares to 51 percent last year. - Monitoring Production Databases
IOUG speculates that budget cuts and a lack of resources may account for the discrepancies between 2009 and 2008 found here.
|
�������xڽZ[s۸�~~�d_nw7�ŗXbw�IHB��,�JV��eS�j�y�|8�o�i�&4�oAu�B�>�K9�lHbc.!KvfzC7o`�`ƛV�YQ|v$�UK*7�-;RL�DL1OwҨxLO^>.B࿎F�:���|=F#mX021q�#�yF.#An{R�7Yh[((6j{A،L���QLD�ruzH&$fvȿ�+����|>o~QLg\�M�<4#9
"��L7'f*Ή{'_t�t6g�4Wln(3сױ1,�?ۈnS3�a�ܰ)M�)vtZ4ܪwP臑WhNd�m�\)I�;-<><:�1)+Vʢ M�&x9tKS:f:bL��ÃnF1>�PC
�';�!{0#p\V5�Ra�5�G\攪1O|؈{G{(�a(;}�eq+)P�0nC�-U�̥z�U\Ɋn�'p�`� Ձ
^2R`-*��T� հq셜Þݙo&)?���>d R_�E!*aR= �>I�qv*
.[1aCuTD,O4͌3�Ky �W&�?�׀c:�sBrZ)ĺQĴdv-[�9Ϛ 7s.9n
�ٝօr�I�/ �ah��~I%_zlgŎv�jf�]f�fSO0[h>\
!I$STؖN�
ik'?aWy�Qq�& XR?Ó,)uN~t@���|@>��c/1)rd|�>s\�Mb�SH�;�{�$+}7i�c�q�D�8 +9�(<
^0Z�V� ��{7Ve�Lt"�dY>� "6#�h9p\+ɻt�qO@�"f.[㑙C�B0e�_�.Ն^ovﶍ#+𫄐Х$^�X�r:=
vA͘�wsN%!�JfI+knsqeQ�ap�S�#���Z7�>g6�7c�
3O�#�$��vjڧD�w�%
vӂ��ֽ�WˆלWestOuO~)\9c.��4ga-q�
a�cp+)=�jѤ:�>*7p}SU��A^8/V��K@V�nc�F��јf�TT>�g�_�Y#xO3+�(XP.�u1sg�ֽ]0?� �V|ț�jUxמ�o4g{l
qEig��`oiXI%k#x`+,B!�S]O�LmSg�NVӪ2�讞]BU:���m-.�U��3g`GG�*a�r�;LmTkq�ء�9��j[Xo�2cQ�J�v�V_�ܔ�&˼C]`I`z#p7PD'RMApuP�y#�y&յy8$Pc.kEb
�oDz j�*cnW~#�Z3�H䈘 �M؞(�.�D-bt7��"�)t�h8ɗn�&�5 ;όF�)xp98R.'2]([y�w~��ޑZuU�)RX^c݆��̪f�;OY�*@Λ�5`(�3<>яv&NXyB�)@
SPp�xdMADfTaz8�a��k`�9� &�*nZS�4,PB
qٓu"f�I^K�erDd�T!Ǫl�o�r AmkB� Cs.)�(i��ͩu ?YdbPds[�6d$ͺ4X9X���$��ww�v��3�]�»C.0x`
���acmA4sǑg,Rm�.!����?^>qL玩&G
�\01cX{�}=+�rx>�qek�ZFEbp\|rv�P~|x{/:
�L"s}{z�a��p�'xtOO{W��p
�QXa,m7:~y�3N�e`�)7}x/�\t|�Z�h3�Ow�?7mXΊF+c+�Ѩ�~=ŴYI2UeTF,7vZFS��Ƽ
ܟ.^�:��w%16:�tq@N㭲P�ƫ�zD>,��
|
Network Security & Hardware 
See All Slideshows