Your production data could be more exposed than you think during software testing.
Data masking during software testing (or otherwise) is not the simple process that the uninitiated might suppose. Gone are the days when replacing personally identifiable information with random characters makes the grade. Obfuscating data for use in development, testing, and QA environments means you need to be able to quickly provide teams with secure sets of consistent, meaningful data that can be used again and again. But this can be difficult to achieve, particularly in geographically dispersed organizations, and especially if you don't adopt a systematic, centralized approach to de-identifying sensitive data.
The case for data masking—known variously as data obfuscation, data de-identification, and data desensitization—becomes even more compelling when you consider that 63 percent of data breaches are the result of internal causes, such as human error or business/IT process failures. Therefore, simply by securing the data before it is outsourced to third-parties and off-site teams, or made available for development and testing, you can mitigate the risk of exposing sensitive content by two-thirds! Presented in these terms, data masking is no longer a "nice-to-have," but an essential business process.
Just how valuable is data masking to your organization? According to the Ponemon Institute's 2013 Cost of Data Breach Study, the average data breach in 2012 cost $5.4 million ($194 per record) in the United States. In more heavily regulated industries, the risk is far greater; in fact, the global average cost per record for data breach in the healthcare industry is $233, and in the finance industry it's $215. After you factor in the cost of customer defections and resultant falls in share price, it becomes clear that it has never been more important for organizations to de-identify sensitive data.
Providing development, testing, and QA teams with realistic, consistent, and secure test data is critical to a proper software development lifecycle (SDLC). Of course, any test data provisioning exercise needs to also consider the requirements of data protection legislation and internal policies for securing sensitive information.
Adopting a structured, systematic approach to data masking allows you to respond to the needs of the business, while also ensuring best efforts in meeting compliance with data protection standards. Again, this enables you to significantly mitigate the risk of at least two-thirds of the causes of data breaches, while allowing you to accurately scope, and minimize, the cost and effort required to secure your sensitive content so as to provide a powerful business case for adopting the best practices expected by regulators.
Download the white paper "A Road Map to Successful Data Masking" from the MC White Paper Center and learn why entering into your data-masking project with a clear, systematic road map will help you understand:
- Where the sensitive data is located within your IT infrastructure
- What data needs to be masked
- How to properly desensitize the data to maintain compliance with data protection standards