Oracle Database Users Lock Out Data Leak Security at Oracle OpenWorld

The IOUG survey found 17 percent of users said either some or none of their databases were securely configured. Another 15 percent were unsure. Though that bodes well, only 28 percent said “all” were configured securely. The remainder said “many” were.

Database monitoring is a way to ensure compliance with regulations and access policies, yet many respondents said they have super-users who escape database monitoring efforts. In addition, only 39 percent expressed confidence that those super-users could be prevented from abusing data.

About a third of the respondents said users can bypass applications and gain access to application data in the database directly using ad hoc tools. One respondent observed: “Privileged users that have access to the data sometimes pull that information out into departmental developed systems and manipulate the data for reporting purposes. At that point the data is out of the control levels available to ensure validity.”

Despite the gap in database monitoring, many respondents reported their top concern was an internal data breach. Second was abuse of privileges by IT staff.

Almost two-thirds said it was either highly unlikely or somewhat unlikely their organizations would fall victim to a data breach within the next 12 months. Some 82 percent said they were not aware of any data breaches occurring at their organizations in 2008. Only 6 percent said a breach had occurred, and 12 percent did not know if one had occurred.

Fifty-three percent classified database security as a “high” IT security priority at their companies. Twelve percent called it “low” priority or said they were unsure. The larger the company, the more likely database security is a high priority. Some 64 percent of organizations with 10,000 or more employees considered security a “high” priority. Forty-five percent with between one and 1,000 considered it “high.”