In addition to most survey respondents lacking visibility into their organizations’ data and databases, 59% of respondents lack a high degree of certainty about which applications, users and clients are accessing their databases. Yet 47% of those surveyed do not have an assigned team or even an individual to oversee the security of their databases.

When asked what database security issues are of most concern, compromised credentials was the top concern of half of the survey respondents. The next biggest concern was the potential for the organization to experience a major data breach followed by the inability to identify data breaches until it’s too late. Only 21% of survey respondents indicated they can discover such a data breach almost immediately. Most could not, and 15% responded they have no idea how long it would take to discover a breach.

In a related data point, 38% of organizations revealed they do not have the mechanisms and controls in place to allow them to continuously monitor their organization’s databases in real time. Only 20% of organizations conduct database activity assessments on a more or less continuous basis.

Michael Osterman, president of Osterman Research, said the study reveals there’s a clear shift beginning to occur in information security away from total reliance on perimeter security toward a greater emphasis on database security.