The world of digital data has undergone a revolution over the last decade. Whereas 10 years ago, digital data storage came at a premium and was often bulky, innovations such as flash storage and improved data compression have made data storage less expensive and more portable. Today, the average person on the street could be equipped with several, if not dozens or even hundreds, of gigabytes of data storage, from iPods to PDAs to cell phones to digital cameras, right on down to a key chain filled with USB flash drives.

Digital data storage is everywhere, which represents a real challenge for businesses looking to keep their own digital data safe and secure. Portable data devices mean companies increasingly must be aware that employees could, unintentionally or maliciously, be walking around with sensitive company information mixed in with their iPod files.

As much as companies are able to lock down their data centers from outside breach threats (and they should always stay on top of that), many have forgotten to turn their attention inward.

"I think one of the things that people need to be concerned about is determining where breaches are most likely to come from," said Craig Mullins, data management strategist and DBA consultant for Sugar Land, Texas-based NEON Enterprise Software. "A lot of times people think about data being breached or stolen and they start thinking in terms of external hackers, or people without data authority. Generally, however, the biggest breaches seem to be initiated by internal threats, by people who have the authority to look at and retrieve the data, but may not be doing the appropriate things with it."

From a database data perspective, a basic step companies should take is to put in place a system where people or an application (or both) can police the privileged users. Simply shutting down everyone's access to data isn't feasible, because the business would basically shut down. However, policing privileged users, such as system administrators, high-level database administrators, and others with unfettered data access, can reduce breach risks considerably.

"For example, most administrators shouldn't be accessing production data unless it's proven necessary for their job," said Mullins. "Companies need to get into the mindset that there are particular users that they need to trust, but verify. This requires a verification or auditing tool or process to watch what privileged users are doing, so companies can immediately identify and shut down suspicious activity before it can cause a significant breach."

It's important for companies to keep in mind that not all data breaches are intentional or malicious. Many breach cases are accidental, with a privileged-access employee engaging in potentially damaging activity or accessing sensitive data without realizing it. According to Mullins, human error and violation of policy are the two top sources of unintentional potential breaches. Organizations can combat both of these issues through better automation and planning. Having policies in place isn't enough by itself; an automated method is needed for detecting violations, no matter how minor, and alerting the necessary parties, who can then take appropriate action.

Once a company has a policing process in place and an application operating that monitors privileged users and issues violation alerts, it's important to stay informed and up to date about technological innovations that can put a company at risk. Newer and smaller data storage devices, for example, pose an ongoing breach risk as people become increasingly tech-savvy.

"Yes, keeping up with technology can be a challenge," said Mullins. "USB ports are a good example; I've seen organizations that, before they give out a laptop, they'll put super glue in the USB ports, so there are low-tech solutions to high-tech problems. But, it's not just limited to USB ports. Computers and laptops today come equipped with all sorts of data ports for other devices and data storage devices companies may not even be aware of."

At a far more basic level, companies should be paying some attention to their front and back doors, literally. While it's becoming increasingly difficult for hackers to breach the digital gates from the outside, they're still sometimes able to walk right through the real-world gates and cause real problems.

"Businesses can run on surprisingly predictable routines," said Mullins. "I once watched a presentation where a guy showed how he got company information just by watching people go in and out of the building and noting what ID tags each person was wearing. By looking at those ID tags, he was able to determine what level of security the company had installed and which ID tags were easiest to re-create to gain access to the building. Once someone is inside the building itself, digital hacking becomes that much easier. So, it's important for companies to stay alert both in the digital and real worlds if they want to avoid a potentially damaging and embarrassing data breach."



