Sensitive Data Protection at Crisis Level in Protecting Enterprise According to Application Security, Inc.'s 2009 Survey

Organizations Suffering from Failed Database Audits and a Lack of Clear Controls for Database Protection; Study Reveals Misplaced Spending Priorities for Data Security

NEW YORK, December 8, 2009 - Application Security, Inc., the leading provider of database security, risk and compliance (SRC) solutions, today announced the results of its 2009 "Database Security and Compliance Risks" survey with Enterprise Strategy Group. The study profiled 175 enterprise organizations, and the statistics revealed that enterprise organizations have reached a crisis state in database protection.

This study reveals that 60% of organizations don't feel their existing database controls adequately protect their organization's confidential data. In addition, the data reports that nearly 70% of organizations do not feel that their existing database controls are well-defined, indicating that over two-thirds of organizations lack an adequate plan and approach to protect confidential data.

The survey reveals that despite the fact that over two-thirds of organizations are spending moderate to significant amounts of time writing custom scripts, remediating compliance issues, and engaging in associated tasks, 38% of organizations still failed database security audits. The study further reveals the troubling statistic that less than 4% of IT budgets are spent protecting the data where it lives - in the database.

"We're at war with the cyber criminals and clearly we are not winning," said John Ottman, president and CEO, Application Security, Inc. "2009 saw a sevenfold increase in records breached, and our research is an acknowledgement by enterprise IT security executives that we are in the midst of a crisis."

"This year's data reflects increased risk to the enterprise database, and a clear lack of understanding of what it takes to protect confidential information," said Jon Oltsik, senior analyst, Enterprise Strategy Group. "Organizations must establish clear controls for database protection and consider re-prioritizing security budgets."

Additional key findings:
• Only 37% of organizations feel they meet compliance standards relative to protecting their company's information.
• Respondents cited that failed audits are largely based on a lack of an effective access control policy, reporting/audit process issues and multiple technology issues.
• Internal audits and Sarbanes-Oxley audits top the list of the types of security audits organizations are failing in 2009. The 2008 survey demonstrated that respondents reported higher failure rates for PCI, HIPAA, GLBA and FISMA audits.
• Over half of enterprises surveyed cite budget constraints as an issue impacting ability to protect their database systems - an indication that the economy is still playing a role in this growing problem.
• The two leading root causes of data breaches cited were human error (53%) and external attacks (34%).

Survey webinar and report information
Application Security, Inc. will be hosting a webinar to discuss the research findings. Jon Oltsik, senior security analyst with Enterprise Strategy Group, and Thom VanHorn, vice president, global marketing, Application Security, Inc. will be the presenters.

Title: Enterprise Database Security Controls: Unmasking Today's False Sense of Security and Compliance
Date: Tuesday, December 8, 2009
Time: 2:00 PM - 3:00 PM EST
Register: https://www1.gotomeeting.com/register/705660585

To download a copy of the comprehensive "Database Security and Compliance Risks" report executive summary and Application Security, Inc. Solutions Brief, please visit www.appsecinc.com.

Tags: breach, Compliance, data, database, enterprise, ESG, security, Software, survey, threats


About Application Security, Inc.

Tom Bain
Press Contact, Application Security, Inc.
Application Security, Inc.
350 Madison Ave, New York
Floor 6
10017