Database Security, Budget Top Admins Concerns, Oracle User Survey Says

1 of 11

Database Security, Budget Top Admins Concerns, Oracle User Survey Says

by Brian Prince

2 of 11

Database Security on the Menu

In an era of data breaches, database security is on the radar for many organizations. Still, some 17 percent of the respondents said either they don't know how important database security is for their company or their company's interest in it is low.

3 of 11

Compliance Factor

Many people said their organizations are bound by industry compliance regulations such as the Payment Card Industry Data Security Standards (PCI DSS).

4 of 11

Encryption Woes

But despite the pull of compliance regulations, many organizations are not encrypting personal data or online and offline database backups and exports. In addition, 32 percent said they send unencrypted database backups or exports offsite.

5 of 11

Sensitive Data

Thirty-seven percent of respondents said their organizations use live data in non-production environments. Seventy-two percent use either old information or sample data provided by the application vendor or developer, and only 28 percent said their live or old production data contains sensitive information.

6 of 11

De-identifying Data

Thirty percent said they use de-identified production data in non-production environments, an increase from past years. Most, however, employ ad hoc or custom scripts to do so, something the report called "costly and error-prone."

7 of 11

Wheres Waldo?

Nearly half of all respondents said they do not know how many databases in their organization contain sensitive information.

8 of 11

The Threat Landscape

There is growing concern about insider threats due to users abusing their privileges.

9 of 11

Preventing Internal Abuse

Almost 80 percent of respondents reported either there are no safeguards to protect against accidental breaches or they aren't aware of any. When asked for specific techniques, most cited after-the-fact measures that would remedy the situation, but not prevent it, researchers found.

10 of 11

Database Monitoring

Only one in four respondents said their organizations use automated tools on a regular basis to monitor their databases. Thirty-three percent said it would take between 1 and 24 hours to detect an unauthorized change to the database. Ten percent said it would take between one and five days; 6 percent said it would take longer.

11 of 11

Patch Management

Many organizations are a step or more behind in applying critical patch updates, leaving open security holes that could be exploited by attackers.

Top White Papers and Webcasts