A recent white paper prepared by Application Security and sponsored by the Ponemon Institute shows that organizations may be more focused on protecting their IP over various sensitive Dbs (databases). It’s a constant struggle trying to figure out how to protect data while allowing necessary access. Two key findings:
– Forty percent said their organizations don’t monitor their databases for suspicious activity, or don’t know if such monitoring occurs. Notably, more than half of these organizations have 500 or more databases – and the number of databases is growing.
– “Trusted†insiders’ ability to compromise critical data was cited as the most serious concern – with 57 percent perceiving inadequate protection against malicious insiders and 55 percent for “data loss†by internal entities.
We’ve previously seen the data security risks posed by departing employees. Law departments need to understand what their IT brethren are doing about this, knowing that some of the biggest potential risks are posed by the very people you are asking.