Enterprises are increasingly virtualizing systems without implementing necessary remote database support, putting company and client information at risk.
According to a recent survey conducted by Varonis, 80 percent of organizations currently store data relating to customers, clients or business partners, yet only 30 percent feel confident that the database is fully protected. There was a clear relationship between enterprises that felt certain of the adequacy of data loss prevention efforts: Those firms also reported having enhanced visibility into where third party data is stored, and conducted regular audits to review database activity and access. In fact, related Varonis research determined that 70 percent of enterprises have implemented little to no auditing capabilities. David Gibson, vice president of strategy at Varonis, concluded that many businesses assume that databases are secure in the cloud, and therefore fail to take any additional steps to monitor access or manage file transfer.
“For organizations to stay on top of their digital assets, it is vital to further IT education in this area, both in terms of training staff in understanding virtual file systems, as well as in effectively using automation to uncover security holes, monitor activity and control permissions,” he explained.
Awareness leads to control
Experts agree that visibility into database activity is crucial to heightened security efforts. Online Trust Alliance executive director and president Craig Spiezle told Information Week that enterprises should approach data security as an ongoing process as opposed to a one-time technological solution. Spiezle asserted that keeping firewall and server logs for at least a year can help organizations to better track risk factors or the root cause of a particular incident. Therefore, activity logs are not only important for identifying abnormalities or impending threats, but also for investigation purposes.
Often, enterprises are not completely aware of employee transmittance of confidential data outside of the company. Spiezle recommended that firms implement strong rules-based tracking technologies that can automatically monitor how certain information is accessed or shared. He explained that although IT may be well trained in handling data storage processes, these teams are typically unable to sufficiently govern the use and transfer of information.
“[Businesses] have to view data protection and privacy as a holistic, company-wide effort,” he said. “If they only focus on it as an IT issue, they will most likely fail.”
Database administration services empower enterprises with heightened visibility, which is the key to ensuring a secure database that is up-to-date in mitigating potential threats and identifying risky behavior surrounding the use of sensitive information.