Informatica Perspectives

A difficult economy creates plenty of fear, uncertainty, and frustration within enterprises. Budgets get slashed, projects get put on hold, and overworked employees get stretched to the limits. Another victim of the recent downturn was data security efforts, a new survey shows.

I recently had the opportunity to deliver a Webcast that looked at the challenges of data security in an age of economic uncertainty, as demonstrated in a survey I helped conduct with the Independent Oracle Users Group (IOUG). The survey was part of my work with Unisphere Research/Information Today Inc. I was joined by Roxana Bradescu, senior director of database security product marketing at Oracle, and Ian Abramson, president of IOUG.

In our survey of 316 IOUG members, nine percent reported experiencing a data breach over the past year. While this may seem relatively low, it is still a 50-percent jump over last year's level. In addition, 20% of respondents feared a data breach was all but inevitable over the coming year.

Even more troubling, we found that corporate management has taken its eye off the ball in terms of data security. This is understandable given the distractions of the recent economic tsunami, but by cutting back on data security efforts, companies leave themselves open to costly incidents.

In my presentation, I observed that there was a notable reduction in data security initiatives since the last survey was conducted about the same time last year. There is less monitoring, less encryption, and reduced budget growth. Again, this is attributable to tight IT budgets and spending as a result of the turbulent economy – and this has repercussions across organizations' efforts to lock down their data assets.

The survey uncovered the following issues:

• Data security spending slowed dramatically over the past year. In the 2008 survey, 41% of respondents said their data security budgets were on the rise. This was down to 28% this year. About 13% said their companies outright cut security spending, a three-fold increase.
• More data is being sent to off-site third parties. The survey found more companies are turning to specialized third-party vendors for data administration and application development – a direct result of cost-cutting initiatives. About 36% now outsource, up from 28% a year ago. However, this opens data to all kinds of new threats – well beyond the control of the original data owners.  Many publicly revealed data theft incidents involve laptops that are stolen from the vehicles or premises of third-party contractors.
• More production data is being sent to non-production sites.  Close to half the respondents, 46%, say live production data – which could include credit card numbers and other sensitive data – is being used with non-production environments, such as development shops, testbeds, and back-up sites. This is up from 43% a year ago.
• Organizations are not paying enough attention to what privileged users are doing when they working within databases. The elevated privileges enjoyed by "super users," in fact, may be the Achilles' heel of data security. Only 39% say they have mechanisms that can prevent super users from abusing data. This especially gets risky if data is sent out of the production environment and over to development sites, test beds, or backup sites. You may completely trust your DBAs, but how about DBAs or developers in other departments?

As the economy improves and more automation is introduced to data management, we may see these issues handled in a more comprehensive way. In the meantime, managers need to be more aware of the potential issues from within their firewalls.