Database security is a growing concern. However, many security efforts are focused on the external boundaries of systems and don’t address data or the database directly. For example, 64% of the respondents to our survey are using encryption on their databases, a good sign. But if you’re applying encryption outside of the database—say, at the disk-drive level—you’re not fully covered. If someone copies the database files using an operating system utility and then accesses them with tools other than the database itself, this type of encryption should defeat efforts to use the data. When the data is accessed in place through the database system, however—perhaps with a stolen user account and password—you may as well start drafting the breach notification. We're not saying database encryption isn't a fundamental precaution. In fact, we'd like to see usage rates move closer to 100%. What's holding many back is fear that it will complicate recovery from system failures and/or disasters, and that the means to decrypt data will somehow be lost, compromised, or unavailable at the crucial moment.
Our survey respondents seem to do better at some procedural elements of data security, where we see 74% logging transactions on sensitive databases. However, we do wonder about the fact that 70% say their organizations perform database security assessments, yet when asked which security assessment products they use, 64% didn't know. Database administrators and security teams need to be proactive and work together, or they have no room to complain when things go south. See much more on database security at our Dark Reading Tech Center.