Security Inside Out Edition
Oracle Corp
March 2012 Stay Connected: Oracle Database on TwitterFacebookBlog  Oracle Identity Management on TwitterOracle Identity Management on FacebookBlog    
Back to the main page
Study: Strong Database Security Measures Leave Organizations Less Vulnerable

Most organizations are taking stronger measures to protect their data, but according to a January 2012 thought leadership paper commissioned by Oracle and conducted by Forrester Consulting, many are also still leaving critical systems—databases—vulnerable.

“Forrester estimates that only 20 percent of enterprises have some basic database security strategy that addresses the risks to their critical databases,” according to the study. “Without a database security strategy in place to address risks in a systematic way, enterprises are taking on risks that they may not even be aware of, and can be vulnerable to attacks and regulatory audit failures.”

Based on in-depth interviews at large enterprises across a number of industries, the study found that while most enterprises view database security as critical, most do not have a comprehensive database security strategy. Moreover, most approach security from a monitoring and detection perspective.

“By contrast, we found that companies that implemented a comprehensive and integrated database security solution with a strong emphasis on preventive measures achieved improved security controls, introduced a higher degree of automation across the enterprise, and were more confident in defending against attacks,” the study stated.

The Forrester study highlighted several key issues, including
  • Most enterprises do not have a comprehensive database security strategy.
    Most enterprises focus more on network and application middleware security, and many have only basic database security practices.
  • Database security doesn’t get the priority and investment that it needs, leaving the organization vulnerable.
    Companies often have a false sense of security about databases, thinking that their presence deep within the corporate infrastructure makes them harder to reach.
  • Enterprises tend to focus on detective controls rather than take preventive measures for database security, and may not be achieving the outcome expected.
    Many companies depend on reactive tactics such as auditing and monitoring, but the study found that focusing on prevention was a critical factor, as more database attacks target corporate intellectual property.
  • Integrated database security platforms help lower costs and deliver enhanced security.
    The study found that companies that implemented technology from several vendors discovered significant gaps in their security.
Read the full commissioned study, Formulate a Database Security Strategy to Ensure Investments Will Actually Prevent Data Breaches and Satisfy Regulatory Requirements (January 2012), conducted by Forrester Consulting.

Learn more about Oracle Database Security.

Back to Top
Oracle Information InDepth newsletters bring targeted news, articles, customer stories, and special offers to business people who want to find out how to streamline enterprise information management, measure results, improve business processes, and communicate a single truth to their constituents.

Please send questions or comments to

For answers to questions about subscribing, unsubscribing, and managing your Oracle e-mail communications preferences, please see the Oracle E-Mail Communications page.

Copyright © 2012, Oracle Corporation and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor is it subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.


Oracle Corporation - Worldwide Headquarters, 500 Oracle Parkway, OPL - E-mail Services, Redwood Shores, CA 94065, United States

Your privacy is important to us. You can login to your account to update your e-mail subscriptions or you can opt-out of all Oracle Marketing e-mails at any time.

Please note that opting-out of Marketing communications does not affect your receipt of important business communications related to your current relationship with Oracle such as Security Updates, Event Registration notices, Account Management and Support/Service communications.