Offshoring increases need to protect live test data: Report

A rise in offshoring is increasing the demand for technologies that enable companies to disguise real customer data during testing, according to Compuware.

Ian Clarke, global sales director of mainframe business development at Compuware, said: “We are getting more and more interest from customers that need to offshore. They take the work to India, but need to protect the data.”

Despite the risks of breaching the Data Protection Act, many organizations are still using real data for application testing, said Compuware, which provides this data-disguising technology and other application performance solutions.

For example, last year, the Ponemon Institute conducted research on behalf of Compuware that found that 83 per cent of multinational financial services companies used real data in the development and testing of applications. Furthermore, a majority of these organizations did not take appropriate steps to protect this data.

“The challenge over the last 10 years has been: how do you protect the real, sensitive customer data, like names and addresses? A lot of companies have overlooked [this when taking] the production data down to the test environment,” said Clarke.

Another challenge of disguising real data is that companies need to make sure that the test data is still relevant.

For instance, a changing the address field from London to Southampton keeps the data relevant, but it is not real. Or in the case of credit card details, four digits could be kept the same, but the rest of the 16-digit number could be randomized, so that it still looks like a credit card number.

Although IT teams could create test data, this is time-consuming and costly. Clarke said that some companies black out the sensitive information, such as the credit card number, but then the data cannot be tested.

In addition, there are thousands of different test processes that the data could be used for, which means that the information might need to be disguised in different ways depending on the testing situation.

“Within any typical project, you’ve got about 10,000 test processes to think about, such as unit testing, system testing, stress testing. Different types of scenarios. So one rule might not fit all,” Clarke explained.



Related Download
2016 Cisco Annual Security Report Sponsor: CompuCom
2016 Cisco Annual Security Report
Download The Cisco 2016 Annual Security Report for a closer look at how security professionals should respond to threats.
Register Now