It is expected that by 2011 the amount of data stored online in information systems will no longer be measured in megabytes, gigabytes, terabytes, or petabytes, but in exabytes. Protecting this data from threats will become more important than ever, and will face stricter regulation from worldwide data protection and breach disclosure laws.
As companies come to rely on the data in their information systems, the asset value of the database increases with each new data record added. As the value of the data increases, so do the risks associated with theft by internal and external threats. Recent studies by the Independent Oracle Users Group (IOUG) have shown that the least protected component of a company's hardware and software architecture is often the database.
How effective is your database security? Most Chief Technology Officers (CTOs) support the concept of data security, but few have addressed key vulnerabilities stemming from exposure of data to internal sources. Most CTOs recognize that internal sources pose the greatest risk and vulnerability to their organization, but few have policies and procedures in place to prevent data breaches, and even fewer have plans in the event a data breach occurs.
Many CTOs don't have policies in place because of the complexity of data environments and a lack of understanding of where the data resides and how it is disseminated and shared within an organization and with downstream applications. Privacy concerns exist wherever personally identifiable information is collected and stored - in digital form or otherwise. Improper or non-existent disclosure control can be the root cause of privacy issues.
Data privacy issues can arise in response to information from a wide range of sources, such as:
- Health care records
- Criminal justice investigations and proceedings
- Financial institutions and transactions
- Biological traits, such as genetic material
- Residence and geographic records
- Ethnicity