- Numerous companies are working to evolve their database ecosystems through cloud and big data initiatives, and are subsequently facing an increasing number of compliance and data security needs. Recent research found though that not many organizations are confident in their ability to identify security breaches and compliance violations in new database environments.
Approximately one-quarter (23 percent) of surveyed data security decision makers said they feel very prepared in their organization’s vulnerability scanning and management capabilities in new database environments, according to Forrester Consulting. Seventeen percent of respondents said they felt very prepared in their entity’s ability to identify security breaches and compliance violations in new database environments.
Imperva commissioned Forrester Consulting to compile results in Modern Database Architectures Demand Modern Data Security Measures. Researchers used 150 responses from US-based companies that are currently using big-data or cloud-based database architectures.
Vulnerability scanning and management (60 percent), automated analytics for security/compliance (53 percent), and sensitive data discovery or classification (48 percent) were the top three most important data security and compliance capabilities, the report showed.
“The consistent policies requirement makes perfect sense when you consider that most cloud migration will be a gradual process, since few organizations will be able to move everything at once,” the research team stated. “Realistically most organizations will probably end up managing both cloud and data center-hosted systems for a significant length of time.”
Respondents were also asked about the use of database activity monitoring (DAM) tools and how the tools brought visibility and control to the company processes.
Surveyed data security decision makers typically found that the realized benefit surpassed the expected benefit. This did not occur though with the amount of time spent on security.
Forty-two percent of respondents said they expected to spend less time on security from IT teams, but 30 percent reported that this actually happened.
“While DAM tools can offer greater security capabilities, they ultimately are not a replacement for dedicated security and compliance efforts from IT teams,” researchers noted. “In-house security expertise is a must-have regardless of where data resides—in the cloud, on-premises, or both.”
Half of respondents (51 percent) reported that compliance needs (i.e., HIPAA, GLBA, GDPR) shift to be significantly more important as database architectures consolidate data onto big data platforms and/or migrate to the cloud.
Fifty-seven percent of those surveyed said that security needs such as data protection and identity and access management became significantly more important.
The survey also showed that approximately three-quarters of organizations do not feel very well prepared to deliver on any of their most important compliance capabilities.
Compatibility challenges with other systems (46 percent), internal data governance concerns (37 percent) and concern over third-party access to databases (35 percent) were the primary challenges companies face when it comes to preparing to manage security and compliance.
“Legacy security measures may no longer be sufficient to cover new infrastructures; this forces companies to revise their approach,” report authors explained. “The lack of compatibility can lead to governance and visibility concerns, as companies struggle to ensure all systems are compatible and all data is properly protected.”
Compatibility challenges are often cited as a key concern for healthcare organizations, especially as more entities are adopting internet of things (IoT) devices.
Seventy-four percent of business technology professionals in healthcare said they are moderately to extremely concerned about their organization’s ability in IoT device security, according to ISACA research from 2017.
Forty-eight percent of those surveyed said they had challenges or resistance with public cloud deployment, with 46 percent of respondents saying IoT deployment had implementation difficulties.
“Emerging technologies have to be embraced,” ISACA CEO Matt Loeb said in a statement. “As the research shows, the reluctance to deploy them is linked to the need to understand and mitigate the risks of doing so. Organizations that implement a strong information and technology governance program will better understand their capabilities, which leads to more effective risk management and increased confidence in deployment of these technologies.”
All healthcare organizations must ensure that they have a secure yet still accessible health IT infrastructure. Providers will be better able to prevent, detect, and recover from potential data breaches when there is a current and secure HIT infrastructure.
Organizations must keep themselves up to date on the latest security and compliance requirements with regard to their databases. Implementing applicable tools such as DAM solutions can also be greatly beneficial in that process.