Top Database Security Trends in 2014
Analysts estimate that two-thirds of organizations' sensitive and regulated data resides in their databases—and the total amount of that sensitive data is growing fast, along with the rest of the digital universe. One analyst claims it will reach 35 zettabytes by 2020.
As a result, security professionals and database administrators need to be asking two fundamental questions.
As a result, security professionals and database administrators need to be asking two fundamental questions.
- Where is all of my sensitive data?
- Who has access to that data?
Trend #1: More Organizations Will Know Where Their Sensitive Data Resides
When you know where your sensitive data lives, you are better able to lock it down. According to the 2013 IOUG Enterprise Data Security Survey, available for download soon, a growing number of organizations say they know where all their sensitive or regulated information resides. In fact, this number has grown from 52 percent in 2010 to 70 percent in 2013.
It’s likely this figure will continue to rise in 2014, especially given that high-profile incidents in 2013 have shed light on potential risks.
Trend #2: Data Encryption Won’t Keep up with Data Growth Rates
With the unprecedented growth of data and databases, organizations are growing faster than their ability to lock down sensitive data. In 2011, 30 percent of organizations claimed they were encrypting all their databases. In the 2013 IOUG report, that number had declined to 20 percent—despite headline-grabbing breaches.
This change could mean that organizations have greater awareness of what data needs protection. Or it could mean that data volumes are exploding faster than organizations can secure and encrypt that data. In either case, it is clear that in 2014, the challenge will continue to grow.
Trend #3: Regulations and Other Forms of Compliance Will Continue to Expand
To date, organizations simply are not doing enough to secure their customers’ sensitive information, so government and industry have stepped in to make sure they do. As a result, requirements are changing constantly. For many enterprises facing multiple requirements, confusion persists and compliance costs keep rising.
Looking forward, it all comes down to two questions: where is my sensitive data, and who has access to it? To answer those questions, organizations need a database strategy that tracks all sensitive data and protects it with both preventive and detective security controls. These are the principles of Oracle's defense-in-depth approach to database security.
