Browse archive

Latest news

Fighting cybercrime is on the right track

Google set to upgrade its SSL certs

IT security pros have trouble communicating with executives

Zeus variants are back with a vengeance

Facebook phishers target Fan Pages owners

Killer apps: The performance of networked applications

Is it time to professionalize information security?

Google researcher reveals another Windows 0-day

Twitter finally offers 2-factor authentication

DHS employees' info possibly compromised due to system flaw

Teens are into online sharing, but are also more privacy-aware

The dangers of downloading software from unofficial sites

Microsoft decrypts Skype comms to detect malicious links

Review: Logging and Log Management

Hacking charge stations for electric cars

65% of companies expose personally identifiable information

Posted on 21 August 2012.

More than 65 percent of businesses don’t protect their customers’ private data from unauthorized employees and consultants, according to a survey of hundreds of IT managers and developers at large organizations conducted by GreenSQL.

With today’s increasingly public use of private information, protecting data resources from security breaches is absolutely crucial. Multiple regulations from organizations like the Payment Card Industry (PCI) mandate that companies in possession of personally identifiable information (PII) protect it from unauthorized access and use.

GreenSQL recently polled IT professionals about the measures they take to prevent developers, QA, DBAs, consultants, outsourced employees, suppliers and application users from having access to sensitive data. The results were surprising:

65% take no preventative measures
23% use masking techniques only in non-production environments, such as dummy data and scrambling. However, these solutions are expensive, complex and require custom development; moreover, these solutions are not transferrable to other projects.
12% deploy dynamic data masking solutions on their production environments.

“Most companies would say protecting customer data is critical to maintaining their business and reputation,” said GreenSQL CEO, Amir Sadeh. “However, something is wrong when we discover that many IT departments are making no masking efforts whatsoever, and others are taking tepid approaches.”

GreenSQL's Dynamic data masking (DDM) solution applies rules to enforce access, making sure those who need to access certain parts of the sensitive data have it and those who shouldn’t see anything, won’t. It ensures that the data never leaves the database in its original form, preventing information theft. DDM allows real-time masking of sensitive data with no impact on the stored data itself and requires no change in the application’s code.

“Databases are high-quality targets for those engaged in industrial espionage. Many organizations are still vulnerable, which is especially troubling after so many recent attacks. We hope this survey will help companies sit up and take notice of the gaps in their systems and close them." concludes Sadeh.