The most effective data security approach involves technology to protect applications and databases alongside traditional approaches.
A survey by Imperva, which aimed to uncover which technologies security practitioners find successful in mitigating breaches and complying with security mandates, found that web application firewalls were among the top five rated technologies for reducing the number of data breach incidents.
Also used were network data loss prevention, full drive encryption, server/endpoint hardening and endpoint data loss prevention.
Additionally, the survey found that enterprise data security initiatives have accelerated data security, as data theft and monetisation become the ultimate goal for hackers and malicious insiders. Almost all respondents (88 per cent) said that PCI DSS was the primary driver for their information security program.
The survey also found that nearly two-thirds of organisations either did not know if they had suffered any data breach incidents, or stated that they had not experienced any. Of those that did, 46 per cent saw a decline in breaches, while 27 per cent reported the same number of breaches as the previous year.
Amichai Shulman, CTO of Imperva, said: “Data security is an emerging practice requiring practitioners to navigate numerous mandates, threats and technologies. This survey will help security teams identify what their peers find successful and hopefully help make improvements to their own strategy and operations.”
Rich Mogull, CEO and analyst at Securosis, an independent research firm specialising in information security which conducted the survey, said: “This survey illustrates that data security as a practice has transitioned past early adopters and significantly penetrated the early mainstream of the security industry. Given what's at stake, we are pleased to put numbers behind what we all hoped – that organisations are starting to take data security more seriously.”
Andy Gibbs, director of security and compliance at Star, said: “In business, PCI is a major driver, and we are seeing standards coming up that are very similar. They all have a common basis that is ISO 27001 and address considerations that are specific to requirements. What is common is that someone's data needs to be protected regardless of which industry you are in.