You would think databases would be at the top of the security food chain. And in a sense they are. Companies spend a lot of energy trying to protect unauthorized users from breaching the network, which is the first line of defense. But database-centric security is an area that would appear to be shockingly lax, according to a survey by Enterprise Strategy Group and commissioned by Application Security.

Sixty percent of respondents say their existing controls aren't enough to protect confidential data, and 70 percent say these controls "are not well-defined,"  notes Dark Reading. Nearly 40 percent say their databases failed internal audits, and 33 percent say they had failed a Sarbanes Oxley audit.

Why the poor marks? A lot of people blame tight IT budgets, which force enterprises to continue with manual process that lead to errors. Indeed, some think the internal threat may be the greatest exposure. IBM's purchase of Guardium may lead to a bit more exposure of this thorny issue. 

For more:
- here's the article

Related Articles:
IBM purchases database security vendor
Forensic savvy key to fighting database hackers?
Physical security and SAS 70