Database Security Is Not Being Taken Seriously Enough

See where modern database security falls short, ranging from monitoring to credentials, and why that's not a trend that should continue.

A breach in your database security can be disastrous, costing millions of dollars, compromising privacy, and leading to the loss of jobs. It can lose your company the trust of its customers and, ultimately, their patronage. However, despite its importance, database security is not receiving the attention it deserves, according to a new report from Osterman Research and DB Networks.

Entitled "Identifying Critical Gaps in Database Security," the report compiles the results of a survey completed by 209 employees of businesses and organizations who were knowledgeable about their company's database. The results, released this past April, showed that a whopping 47% of the organizations represented did not have someone overseeing database security. 39% of the companies did not even have an option to monitor their database in real time, allowing potential hackers plenty of time to work on the database before anyone in the company is alerted.

When asked to describe the biggest concerns they have for their databases, 50% of respondents stressed compromised credentials as being their greatest risk, 48% referred to experiencing a serious data breach, 47% said that the inability to identify breaches until it is too late is what concerns them the most, 44% mentioned a compromised or abused credential that is used to breach critical databases, and 31% commented on the dwell time of infiltrations into the network.

Clearly, many people felt that their database was vulnerable to security breaches. While 50% of the respondents were concerned about compromised credentials, 39% said that they had no detection tools in place to alert them if a breach of this type were to occur. In fact, only 21% said that they would be able to discover a breach from compromised credentials immediately, while 34% said it would take a day, and 18% said that they would need a week to sort it out. The remainder of the respondents thought that they would need at least a month or longer.

Because of the many security threats facing databases, more and more companies are becoming aware of the problem and acting on it. It has been projected that over the next year, the emphasis on database security should increase from 40% of companies to 54%. Yet this clearly still has a long way to go.

Although many respondents acknowledged the weight of the threat posed by a security breach, only a small percentage were actually committing to regular assessments. This is a trend that needs to change, and quickly.

Michael Osterman, the president of Osterman Research, had this to say about the issue: “Identifying compromised database credentials and insider threats will likely receive far more investment in the future. And it is likely that the actual rate of successful infiltrations or other leakage events may be higher than discussed in this report due to inadequate organizational systems for tracking successful threats.”

As it stands, the world of database security has a long way to go before companies can feel truly secure about the safety of their data and databases. There is so much more that organizations and corporations can be doing to ensure that their customers’ personal information is secure and that their company’s confidential data is seen only by the eyes that should be seeing it. After all, security can never truly be taken seriously enough.

Published at DZone with permission of Yaniv Yehuda, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.
