The 2010 Independent Oracle Users Group (IOUG) Data Security Survey Report published by Unisphere Research, a division of Information Today, Inc., and sponsored by Oracle Corporation, uncovered the following troubling findings:

1. Fewer than 30 percent of respondents are encrypting personally identifiable information in all their databases.
2. Close to two out of five of respondents’ organizations ship live production data out to development teams and outside parties.
3. Three out of four organizations do not have a means to prevent privileged database users from reading or tampering with HR, financial or other business application data in their databases.
4. In fact, two out of three respondents admit that they could not actually detect or prove that their database administrators and other privileged database users were not abusing their privileges.
5. However, database administrators and other IT professionals aren’t the only people that can compromise data security from the inside. An end user with common desktop tools can also gain unauthorized direct access to sensitive data in the databases.
6. Almost 64 percent indicate that they either do not monitor database activity, do so on an ad hoc basis, or don’t know if anyone is monitoring.
7. Overall, two-thirds of companies either expect a data security incident they will have to deal with in the next 12 months, or simply don’t know what to expect.

More details in the report …