Database security, risk and compliance gaps on the rise

Application Security announced the findings of its “Database Security Controls” survey with analyst firm Enterprise Strategy Group. While 58% of respondents reveal that the largest percentage of confidential data is located in the database, 54% note that a lack of internal processes and controls hinder the effectiveness of their database security efforts.

A key indicator that enterprise organizations experience major gaps in protecting sensitive data is exposed by the finding that more than half of the respondents suffered a confidential data breach within the past 12 months.

Respondents expect threats against sensitive information to continue to rise, with 73% predicting that database attacks will continue to increase. Improving database security is crucial because nearly half (43%) of all enterprise databases contain critical data that can include customer credit card numbers and other personal information.

Additional survey key findings:

• Maintaining a false sense of security: Eighty-four percent of respondents felt that their organization’s data security controls for sensitive information was adequate, but follow-up security questions made it clear that there is a disconnect between the initial responses and realities of preventing hacks and supporting compliance mandates.
• Failing grades for compliance audits: In addition to the high number of reported data breaches during the past year, organizations failed audits more than one-third of the time.