Forgotten databases are a bigger risk than firms admit, says Imperva


Forgotten databases are a bigger risk than firms admit, says Imperva

Warwick Ashford

Forgotten or unprotected databases are responsible for more data breaches than most businesses would like to admit, says security firm Imperva.

A classic example is the data breach announced on 13 April by Australian software firm Atlassian, said Amichai Shulman, chief technology officer at Imperva.

The company said the breach potentially exposed passwords for customers who purchased Atlassian products before July 2008.

Atlassian said it had migrated its customer database in July 2008 and encrypted passwords, but the old database table was not taken offline or deleted.

"It is this database table that we believe could have been exposed during the breach," said Atlassian chief executive Mike Cannon-Brookes in a blog post.

The database contained sensitive information, but once it was not used as a production system it was forgotten, said Shulman.

"Unmanaged systems put sensitive data residing on them at a high risk - unmanaged systems are the top targeted systems," he said.

To protect sensitive data, it is imperative that organisations scan their networks to discover all databases and ensure they are managed and under control, said Shulman.

Failure to protect information can cost UK companies dearly with the Information Commissioner's Office able to impose fines of up to £500,000 for data breaches since 6 April 2010.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy