Reliability is a key IT requirement, we all live with the reality that production systems need to be solid and changes made to those systems need to be stable from day 1. Getting that level of stability is key to the job we do as IT professionals, one key element of that is testing and of course testing needs test data. Developers or QA Staff creating artificial or synthetic data for unit and functional testing is a good thing, but you need to know also that when you hit the button at the end of the day to put the application live you won’t be getting an unwelcome phone call a few hours later, that means you need to test your application changes with the circumstances the code will hit when it goes live. That’s why according to a survey of 240 major European users 71% used production derived data as part of the testing process – great for quality but what about Data Privacy?

In fact use of real data in a non-production context can be somewhat of a disaster for data privacy, sensitive data on Developers machines, data sticks and so forth is a recipe for non-compliance to both national legislation and industry regulation. But what is sensitive data? We’d all immediately identify that credit card numbers, bank account numbers and so forth are sensitive, but actually any data that contains “personal identity information” such as names, addresses, ethnicity, political views and so forth is potentially subject to laws and regulation such as HIPAA, PCI DSS and many more.

The solution to this is Data Masking – not the clearest of terms (often also called Data Obfuscation, Data De-identification or Data De-sensitisation) where data is substituted or other appropriately contextually aware data so that what was information is turned into pure data without meaning as information, but still realistic for testing (or training purposes). With Data Masking, as well as strong context-sensitive substitution and masking algorithms the key is completeness and consistency, you need to mask all the relevant fields not just a few and you need to mask them consistently across multiple data stores on many platforms. It’s important to build a complete picture of all the data structures and characteristics within an IT infrastructure so that for example all instances of SSN’s (Social Security Numbers or National Insurance numbers) are masked consistently and correctly. Bottom Line : Developers get good test data but not sensitive information.

If you have a need to either mask and/or subset production data used for testing or other non production purposes then you may find the sessions at Micro Focus Live on Data Express of interest or see www.microfocus.com/products/dataexpress for more information.

Comments Welcome!