Non-Production Security Strategy
Unnecessary Elevated Risk
The simplest solution to eliminate risk and save money
Non-production systems such as Test and Dev contain production data in order to improve testing and catch problems earlier in the development cycle. There is no operational requirement to expose sensitive production data on these systems if the testing could be performed at the same level of quality with different data.
In the secured production environment, only users with an operational necessity have access to the data, and their activity is audited & reviewed. In non-production environments, security is constantly violated: bugs need to be debugged, and testing requires access to individuals’ sensitive data without their consent.
3 Pillars to Security
Remove the Data
Removing sensitive data from test and development systems is the easiest way to protect the data. This process is called Static Data Masking and it only needs to be done when the systems are refreshed with new data from production. Static data masking eliminates the security concerns on these systems and any associated costs.
In order for the masked data to be successfully used for testing, it must retain data validity and data integrity. This means that the new fake credit card numbers need to have a valid checksum. Relationships between accounts and transactions must be maintained. Fake new addresses must be in real cities and states with valid zip codes.
Generating random fake data is easy. The trick is to make good fake data that will retain the quality of testing. There’s no point in testing with masked data if it isn’t as good as testing with the real data. Making good fake data that looks real is all about retaining properties from the original data, and it takes a little bit of effort and the right tools.
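The checksum and relationship requirements above can be met together by masking deterministically. The following is an added example, not code from this page or any product it describes; the function names, the keyed-HMAC approach, the choice to keep the first six digits, and the sample rows are all assumptions made for illustration.

```python
import hashlib
import hmac

def luhn_check_digit(payload: str) -> str:
    """Check digit that makes payload + digit pass the Luhn test."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:  # these positions are doubled once the check digit is appended
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return str((10 - total % 10) % 10)

def luhn_valid(number: str) -> bool:
    return number.isdigit() and luhn_check_digit(number[:-1]) == number[-1]

def mask_pan(pan: str, key: bytes, keep_prefix: int = 6) -> str:
    """Deterministically replace a card number with a fake one of the same
    length and prefix that still passes the Luhn check."""
    if not luhn_valid(pan):
        raise ValueError("input is not a Luhn-valid card number")
    body_len = len(pan) - keep_prefix - 1
    digest = hmac.new(key, pan.encode(), hashlib.sha256).digest()
    body = str(int.from_bytes(digest, "big") % 10**body_len).zfill(body_len)
    payload = pan[:keep_prefix] + body
    return payload + luhn_check_digit(payload)

def mask_tables(accounts, transactions, key):
    """Mask the card column in both tables; rows that joined before still join."""
    masked_accounts = [{**a, "card": mask_pan(a["card"], key)} for a in accounts]
    masked_txns = [{**t, "card": mask_pan(t["card"], key)} for t in transactions]
    return masked_accounts, masked_txns

# Constructed sample data (well-known test card numbers, not real accounts).
KEY = b"example-masking-key"  # assumption: a secret kept out of non-production
ACCOUNTS = [{"id": 1, "card": "4111111111111111"},
            {"id": 2, "card": "5555555555554444"}]
TRANSACTIONS = [{"amount": 10, "card": "4111111111111111"},
                {"amount": 25, "card": "5555555555554444"},
                {"amount": 40, "card": "4111111111111111"}]

if __name__ == "__main__":
    for row in mask_tables(ACCOUNTS, TRANSACTIONS, KEY)[1]:
        print(row, luhn_valid(row["card"]))
```

Because the same input and key always give the same output, each refresh from production can be masked table by table without a lookup table, and the key never needs to reach the test or development systems.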