Database Security, Risk, Compliance Gaps On The Rise: Application Security Survey

Respondents expect threats against sensitive information to continue to rise
NEW YORK - December 8, 2008 - Application Security, Inc., the leading provider of database security, risk and compliance solutions for the enterprise, today announced the findings of its "Database Security Controls" survey with analyst firm Enterprise Strategy Group. While 58% of respondents reveal that the largest percentage of confidential data is located in the database, 54% note that a lack of internal processes and controls hinders the effectiveness of their database security efforts. A key indicator that enterprise organizations experience major gaps in protecting sensitive data is exposed by the finding that more than half of the respondents suffered a confidential data breach within the past 12 months.

Respondents expect threats against sensitive information to continue to rise, with 73% predicting that database attacks will continue to increase. Improving database security is crucial because nearly half (43%) of all enterprise databases contain critical data that can include customer credit card numbers and other personal information.

"The research indicates that enterprise data security, risk and compliance is an enormous challenge, and the high percentage of reported data breaches and failed compliance audits reveal a vital need for improved control processes," said John Ottman, chief executive officer of Application Security, Inc. "DbProtect(tm) is a best practice solution that provides a single view of database security and compliance across the enterprise. With 76% of respondents placing purchasing priority on database security for 2009, organizations appear to be taking action. However, despite the severity of the problem nearly 55% of organizations report challenges and note a lack of progress to protect confidential information."

Additional "Database Security Controls" survey key findings

Maintaining a false sense of security: Eighty-four percent of respondents felt that their organization's data security controls for sensitive information were adequate, but follow-up security questions made it clear that there is a disconnect between the initial responses and the realities of preventing hacks and supporting compliance mandates.

Failing grades for compliance audits: In addition to the high number of reported data breaches during the past year, organizations failed audits in key categories more than one-third of the time:

Internal audits: 48%
Payment Card Industry (PCI) Security Standard: 42%
Health Insurance Portability and Accountability Act (HIPAA): 36%
Gramm-Leach-Bliley Financial Services Modernization Act (GLBA): 36%
Federal Information Security Management Act (FISMA): 38%

The report, commissioned by Application Security, Inc. and executed by Enterprise Strategy Group, is based on 179 in-person and phone surveys with global IT decision makers located in North America.