Database Security Is Not Being Taken Seriously Enough
See where modern database security falls short, ranging from monitoring to credentials, and why that's not a trend that should continue.
A breach in your database security can be disastrous, costing millions of dollars and leading to breaches of privacy and the loss of jobs. It can lose your company the trust of its customers, and ultimately, their patronage. However, despite its importance, according to a new report from Osterman Research and DB Networks, it is not receiving the attention it deserves.
Entitled "Identifying Critical Gaps in Database Security," the report compiled the results of a survey filled out by 209 employees of businesses and organizations who were knowledgeable about their company's database. The results of the report, released this past April, showed that a whopping 47% of the organizations represented did not have someone overseeing database security. 39% of the companies did not even have an option to monitor their database in real time, allowing potential hackers plenty of time to work on the database before anyone in the company is alerted.
When asked to describe the biggest concerns they have for their databases, 50% of respondents stressed compromised credentials as being their greatest risk, 48% referred to experiencing a serious data breach, 47% said that the inability to identify breaches until it is too late is what concerns them the most, 44% mentioned a compromised or abused credential that is used to breach critical databases, and 31% commented on the dwell time of infiltrations into the network.
Clearly, many people felt that their database was vulnerable to security breaches. While 50% of the respondents were concerned about compromised credentials, 39% said that they had no detection tools in place to alert them if a breach of this type were to occur. In fact, only 21% said that they would be able to discover a breach from compromised credentials immediately, while 34% said it would take a day, and 18% said that they would need a week to sort it out. The remainder of the respondents thought that they would need a month or longer.
Because of the many threats facing databases, the overall trend shows that more and more companies are becoming aware of the problem and acting on it. It has been projected that over the next year, the emphasis on database security should increase from 40% of companies to 54%. Yet this clearly still has a long way to go.
Although many respondents acknowledged the weight of the threat posed by a security breach, only a small percentage were actually committing to performing regular assessments. This is a trend that needs to change, and quickly.
Michael Osterman, the president of Osterman Research, had this to say about the issue: “Identifying compromised database credentials and insider threats will likely receive far more investment in the future. And it is likely that the actual rate of successful infiltrations or other leakage events may be higher than discussed in this report due to inadequate organizational systems for tracking successful threats.”
As it stands, the world of database security has a long way to go before companies can feel truly secure about the safety of their data and databases. There is so much more that organizations and corporations can be doing to ensure that their customers’ personal information is secure and that their company’s confidential data is seen only by the eyes that should be seeing it. After all, security can never truly be taken seriously enough.
Published at DZone with permission of Yaniv Yehuda, DZone MVB. See the original article here.