From insider attacks to patching, database security has its challenges—but even so, many database administrators are confident in their organization’s ability to address them.
That is one of many takeaways from a sweeping survey performed by Unisphere Research and sponsored by Application Security. The report features data culled from a survey of 761 members of the Professional Association for SQL Server (PASS) in September. Among its findings: While 20 percent said a data breach was either "inevitable" or "somewhat likely" during the next 12 months, two-thirds described it as "highly unlikely" or "somewhat unlikely."
In addition, just 7 percent said they had either had one data breach or multiple breaches in the past 12 months. Among those who had at least one data breach, 34 percent cited external attacks as the source, while 21 percent said insider attacks. However, many SQL Server pros identified human error as the greatest risk to security, with 65 percent citing it as the most significant challenge. Hiding under human error’s umbrella are problems such as nonmalicious policy violations that end in data being compromised and mistakes that occur during the often manual process of reviewing user rights.
"Due to the potential impact of a breach, database security must be a priority and that priority must be supported by management," said Thom VanHorn, vice president of global marketing for Application Security. "This trickles down in the form of better communication, better education, identified responsibilities, and the tools and funding to achieve those objectives."
Behind human error, the most commonly cited challenges to database security are insider hacks and abuse of privileges (44 percent). A separate report by Unisphere based on responses from members of the Independent Oracle Users Group earlier this year had a similar finding, with 34 percent of the 430 respondents listing those areas as the greatest risk.