It's a privacy issue - Protecting production data

With today's focus on privacy, there is a business challenge that crosses industries regarding production data. This challenge is the ability to use live or real data in non-production situations, with the confidence that the data will be safe and uncompromised.

"Protection of production data in test or research is an issue with the potential for large ramifications," says xxx at Compuware SA. "Recent legislation, litigation and world events raise the potential of data confidentiality problems when production data is used in test environments.

"But it is also an issue that can be remedied with small actions."

S/He says that to ensure applications deployed in production are reliable, IT departments must perform various levels of testing.

"A simple, logical process of identifying the requisite fields, the use of those fields and how they must be protected will set the criteria for protection. "Whether an environment is mainframe and/or distributed, the need for data protection is the same. The protection results must be meaningful, consistent, repeatable and efficient.

The data protection method must be able to meet the protection criteria quickly, with the assurance that security will not be jeopardised. And then the real work of development or research can begin.

"Naturally, the quality of testing and the subsequent quality of applications are highly dependent on the actual data used in these tests. The most important aspect of testing is that the data contains the right business conditions and relationships to support the testing," xxx says.

S/He also recommends that the production data be de-identified or desensitised for use in testing to protect the individual information. Adequately protecting production data also means changing that data," he/she adds.

To maintain the right business conditions and relationships, it must be remembered that data elements cross various databases. Test conclusions can be measured on the effectiveness of the application and not the data alone.

A solution should protect the privacy of individual information while, at the same time, allowing adequate application testing for the deployment of reliable applications.