Richard Isenberg, Fiserv's VP of security engineering, turned to Imperva for tools to handle segregation of duties, vulnerability scanning and blocking suspicious activity. "The databases themselves don't have enough security baked in to meet our compliance initiatives around tracking and understanding everything that privileged users do and alert us when they're doing something we don't want," he says.

"It's the fox-watching-the-henhouse mentality," says Jon Oltsik, senior principal analyst at ESG. "The security community says it wants a third party finding problems with the database versus the database vendors themselves."

Database Security Trends and Best Practices

Team up: One reason many companies are low on the database security maturity curve is that there's a disconnect between the database and security teams.

"Databases are complicated, and database teams are often their own fiefdom, very separate from the security team," says Josh Shaul, CTO at Application Security. "For the majority of companies that have a database security program, it's very isolated and tends to not be making a lot of progress."