Osterman Research Study Finds Most Organizations Lack Necessary Visibility Into Data and Database Assets

New Study Also Reveals 47 Percent of Respondents' Enterprises Have Not Assigned a Team or Individual to Oversee Database Security


SAN DIEGO, CA--(Marketwired - Apr 20, 2016) - Osterman Research, an industry analyst firm focused on research in messaging, collaboration and related areas, and DB Networks®, a leader in database cybersecurity, today announced the results of Osterman Research's first-of-its-kind database security industry report. The study found that only 19 percent of organizations have what the organization considers to be "excellent" visibility into their data and database assets. This level of visibility is necessary to rapidly identify a data breach. Furthermore, 47 percent of those surveyed do not have an assigned team or even an individual to oversee the security of their databases.

The report, "Identifying Critical Gaps in Database Security," was independently conducted by Osterman Research, an analyst firm providing timely and accurate market research, cost analysis and technical benchmarking. The research was conducted from February through April to determine organizations' ability to address database security, their ability to prevent data breaches, and their preparedness to address the security of critical data assets and databases.

The study analyzed responses from 209 members of the Osterman Research survey panel identified as qualified respondents. To qualify for the survey, respondents were required to confirm they have general knowledge about databases and database security practices in their organizations, and their organizations had to have at least 300 employees. The mean number of employees at the organizations participating in this survey was 22,142.

"This study reveals there's a clear shift beginning to occur in information security away from total reliance on perimeter security toward a greater emphasis on database security," said Michael Osterman, president of Osterman Research. "Identifying compromised database credentials and insider threats will likely receive far more investment in the future. And, the actual rate of successful infiltrations or other leakage events is likely greater than discussed in this report due to inadequate organizational systems for tracking successful threats."

For a copy of the report, see: http://www.dbnetworks.com/resources/Identifying-Critical-Gaps-in-Database-Security.htm

Additional key findings of the study include:

  • In addition to most survey respondents lacking excellent visibility into their organizations' data and databases, 59 percent of respondents lack a high degree of certainty about which applications, users and clients are accessing their databases.
  • When asked what database security issues are of most concern, compromised credentials was the top concern of half of the survey respondents. The next biggest concern was the potential for the organization to experience a major data breach, followed by the inability to identify data breaches until it's too late.
  • Thirty-nine percent of organizations surveyed lack the necessary tools to allow them to identify a database breach resulting from compromised or abused credentials.
  • The research also revealed that a data breach resulting from compromised or abused credentials could not be discovered quickly. Only 21 percent of survey respondents indicated they can discover such a data breach almost immediately. Most could not, and 15 percent responded they have no idea how long it would take to discover a breach.
  • Thirty-eight percent of organizations surveyed revealed they do not have the mechanisms and controls in place to allow them to continuously monitor their organization's databases in real time.
  • Only 20 percent of organizations surveyed conduct database activity assessments on a more or less continuous basis. However, slightly more than half of respondents conduct these assessments very infrequently -- only once per quarter or less often. And 6 percent of organizations never conduct these assessments.

"We've long suspected organizations lack the necessary tools and staff for proper database security," said Brett Helm, Chairman and CEO of DB Networks. "This study finally revealed why organizations' data has become so vulnerable to attack. Simply assigning responsibility for database security and equipping them with continuous and real-time visibility into their databases would be an important first step for any organization."

About Osterman Research
Osterman Research provides timely and accurate market research, cost data, cost models, benchmarking information and other services to technology-based companies. It does this by continually gathering information from IT decision-makers and end-users of information technology. The company analyzes and reports this information to help companies develop and improve the products and services they offer to these markets or to internal customers.

About DB Networks®
DB Networks innovates database cybersecurity products. Its customers include the world's largest financial institutions, healthcare providers, manufacturers, and governments. DB Networks technology non-intrusively assesses database infrastructures through deep protocol extraction, machine learning, and behavioral analysis. Customers gain insights by discovering all active databases, identifying tables being accessed, and the specific applications accessing the databases. In addition, analyzing application database access that deviates from the model of normal application behavior immediately identifies compromised credentials and database attacks. DB Networks is a privately held company headquartered in San Diego, Calif. For more information, call (800) 598-0450 or visit the DB Networks website, Twitter page, LinkedIn page, Google+ page, and YouTube channel.

DB Networks is a registered trademark of DB Networks, Inc. in the United States and other countries. All other company and product names are either trademarks or registered trademarks of their respective companies.

Contact Information:

Contact:
Dan Spalding

(408) 960-9297