As a greater portion of business operations and communications are migrated to online platforms, it is becoming clear that the burden of information security is too great for IT personnel alone. According to the latest analysis conducted by Unisphere Research, organizational disconnects may actually be to blame for the majority of database security issues encountered in the modern enterprise.
For the report, entitled Data Security At An Inflection Point: 2011 Survey of Best Practices and Challenges, researchers polled more than 500 enterprise IT and data managers to gain perspective on emerging trends. Within the majority of surveyed companies, database security functions were often split between IT staff and individual database owners. However, this organizational framework could be the source of significant vulnerabilities.
Unisphere analysts discovered that, contrary to popular belief, disconnect between internal teams was responsible for a greater proportion of security incidents than user error or insider threats. Conflicting views over the prioritization of responsibilities created much of this divide.
The overwhelming majority of survey respondents agreed that the data security risks faced by their organizations have grown in both volume and complexity in the past several years. The growing awareness of hacktivism and other cybercriminal plots also inspired increased protection efforts among half of responding organizations, and one in three indicated that they had increased the frequency of auditing procedures.
However, a number of IT professionals polled suggested that this growing awareness of data security issues was somewhat of a hollow victory.
According to Unisphere, just 14 percent of respondents indicated that their teams had received additional funding for improvements to technical architecture, and only one out of 10 was provided with support from additional staffing or consultancy.
"While it is evident from the survey's findings that awareness of the sophistication levels and threats of outside hackers has been heightened, enterprises continue to engage in lax database security," lead analyst Joe McKendrick noted. "Data security not only relies on good technology, but also effective and committed management. It remains unclear as to why management is unwilling to fully heed IT managers' warnings about impending threats to business."
This discrepancy has only become more pronounced as companies struggle to adapt internal protocol to reflect the new realities of cloud computing. As a result, IT directors are putting their foot down and exercising extreme caution when migrating databases to the cloud.
Unisphere researchers found that just 2 percent of respondents had migrated these crucial business assets to public cloud environments, with two-thirds suggesting that cloud security concerns were too great. Additionally, just one in five respondents indicated that they have explored the possibility of operating databases in a private cloud, with 45 percent still discouraged by the data protection reputation of these environments.
The silver lining to Unisphere's findings seems to be that, in some cases, database security progress is being made at a more granular level. Two-thirds of respondents indicated that their organizations conduct data audits at least once per year and 44 percent have incorporated automation tools to facilitate improved monitoring.
This diligence could prove to be a valuable defense strategy as the era of big data begins in earnest. But companies will also need to respond with innovative tools to cope with new developments like the influx of unstructured data.
"Whether big data is going to reside in the data warehouse or some other more scalable data store still remains up in the air. One thing is for certain though, big data is not easily handled by the relational databases that the typical [database administrator] is used to wrangling within the traditional enterprise database server environment," explained Dark Reading contributing editor Ericka Chickowski in a recent report.
As database operations outgrow their traditional relational formats and are incorporated into widely distributed cloud applications, Chickowski added that achieving compliance will become even more difficult for enterprise data security teams. With some organizations still struggling to satisfy traditional compliance standards – particularly in the healthcare sector – the coming months and years could expose vulnerabilities faster than ever before.
"The move to electronic health record systems driven by [the Health Insurance Portability and Accountability Act and Health Information Technology for Economic and Clinical Health Act] is causing a dramatic increase in the accumulation, access and inter-enterprise exchange of [personally identifiable information]," industry expert Joe Gottlieb explained in an interview with Chickowski. "For the largest healthcare providers and payers, this has already become a big data problem that must be solved to maintain compliance."
Despite the variety of complex new variables inserted into the database security equation, the Dark Reading columnist asserted that the fundamentals remain the same across sectors. Organizations will need to have a clear view of where their data resides and map its locations in transit or at rest with comprehensive monitoring systems.
Data Security News from SimplySecurity.com by Trend Micro