How to Identify and Manage Software Testing Risks
Data growth rates are remarkably high, and that is undeniable. A tsunami of digital information is fueling the engine of today's corporate industry, and many businesses are striving to ride the data wave to success.
Yet many businesses are not adequately attentive to the potential liabilities lurking in the depths of this data, including the risks associated with using personally identifiable information (PII) about customers or employees for application development and testing purposes. Companies that fail to guard this data face real potential for serious legal, noncompliance, data security and data leakage risks.
According to the 2019 MidYear QuickView Data Breach Report, the first six months of 2019 witnessed more than 3,800 publicly revealed breaches exposing an unbelievable 4.1 billion compromised records. The striking fact is that around 3.2 billion of those records were exposed by just eight data breaches.
It goes without saying that the PR aftershocks from such an incident can be devastating to even a well-regarded company. But let’s be cynical for a moment and look only at the cold, hard financial impact. As per a report, the average cost to the breached company could be $202 per compromised record and $6.6 million per data incident.
In addition, the FDIC may levy fines from $5,000 to $1,000,000 per day, and GLB sections 501 and 503 enable criminal penalties.
Of course, we don’t need to talk you out of having a data security incident. Nobody chooses to have one. But when it comes to prevention, we believe many companies are still dropping the ball.
Data Privacy Risk: It’s a Growing Concern
How to stop the bleeding? It seems like a tall order. According to an independent Oracle user group, 62% of organizations can’t prevent their super users from reading or tampering with sensitive information. Most are unable even to detect these incidents. And only one out of four organizations believes its data assets are securely configured.
On top of that, we’re still in the growth curve for worldwide internet usage. The number of online transactions is increasing exponentially. Personal financial data is flying around in all directions. As more people gain access to the Internet, the number of criminals online will increase accordingly.
Don’t let your company be their next victim.
Partly due to the financial and PR issues described above, partly due to consumer privacy concerns, and partly due to an increasingly stringent regulatory environment, safeguarding data privacy has become a top priority in virtually every industry.
Companies that are serious about preventing incidents should focus on securing any and all copies of their production database. As we’ve discussed on this blog, it’s not uncommon for large companies to maintain 10 copies of production – full clones used for testing, training, and development purposes.
To make matters worse, the people who have access to these copies of production are often “outsiders” – third-party consultants who you may not have vetted as carefully as your actual employees. Giving them full access to sensitive corporate data creates a significant privacy risk.
Masking Data to Minimize Risk
Where to begin privatizing data? Many organizations struggle just to figure out where all their at-risk data lives in the corporate environment. The next step is to put in place a simple yet reliable mechanism for masking, or scrambling, that data so that it will still be useful for testing but won’t endanger the privacy of your customers and employees.
IBM InfoSphere Optim Data Privacy is a solution that minimizes risk without slowing down your testing. By masking personal information, IBM Optim protects confidential customer and employee data and ensures compliance with all levels of privacy regulations.
Of course, masking your data is only part of the game. It’s also a best practice to subset your production database, rather than use full copies of production, for testing and other non-production activities. IBM InfoSphere Optim Test Data Management facilitates that process. And when you use Optim Data Privacy and Optim Test Data Management in tandem, you can actually apply data privacy rules to production data while you’re subsetting it.
It’s a pretty good one-two punch – much more desirable than the one-two punch of a costly data breach and the ensuing PR nightmare.
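The idea of applying privacy rules while subsetting, described above, as an added Python example that is not from the original article and does not show how IBM Optim works internally: it keeps a subset of customers plus only their orders, and replaces PII with keyed HMAC-derived values so the same input always masks to the same output and related rows still line up. The table layout, field names, selection rule and key are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample rows standing in for a production extract.
CUSTOMERS = [
    {"id": 1, "name": "Alice Moreno", "ssn": "123-45-6789", "email": "alice@corp.example", "region": "EU"},
    {"id": 2, "name": "Bob Tran", "ssn": "987-65-4321", "email": "bob@corp.example", "region": "US"},
    {"id": 3, "name": "Cara Singh", "ssn": "555-12-3456", "email": "cara@corp.example", "region": "EU"},
]
ORDERS = [
    {"order_id": 10, "customer_id": 1, "contact_email": "alice@corp.example", "total": 40.0},
    {"order_id": 11, "customer_id": 2, "contact_email": "bob@corp.example", "total": 15.5},
    {"order_id": 12, "customer_id": 3, "contact_email": "cara@corp.example", "total": 99.9},
]

def _digest(key: bytes, field: str, value: str) -> bytes:
    # Keyed and per-field: the same input always yields the same mask.
    return hmac.new(key, f"{field}:{value}".encode(), hashlib.sha256).digest()

def mask_ssn(key, ssn):
    # Keep the ###-##-#### shape so format validators in the app under test still pass.
    d = "".join(str(b % 10) for b in _digest(key, "ssn", ssn)[:9])
    return f"{d[:3]}-{d[3:5]}-{d[5:]}"

def mask_email(key, email):
    return f"user_{_digest(key, 'email', email.lower()).hex()[:12]}@example.test"

def mask_name(key, name):
    return f"Customer {_digest(key, 'name', name).hex()[:8]}"

def subset_and_mask(customers, orders, key, keep):
    """Select customers with keep(), retain only their orders, mask PII in both."""
    kept = [c for c in customers if keep(c)]
    ids = {c["id"] for c in kept}
    masked_customers = [
        {**c, "name": mask_name(key, c["name"]), "ssn": mask_ssn(key, c["ssn"]),
         "email": mask_email(key, c["email"])}
        for c in kept
    ]
    masked_orders = [
        {**o, "contact_email": mask_email(key, o["contact_email"])}
        for o in orders if o["customer_id"] in ids
    ]
    return masked_customers, masked_orders

if __name__ == "__main__":
    key = b"constructed-demo-key"  # assumption: a real key is a secret kept out of test systems
    for table in subset_and_mask(CUSTOMERS, ORDERS, key, lambda c: c["region"] == "EU"):
        print(*table, sep="\n")
```

The masking key has to stay outside the non-production environment: anyone holding it can recompute masks for guessable values such as SSNs and match them back to real people.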