Click here to receive your FREE subscription to Campus Technology
News
Use of Live Customer Data in Application Testing Still Widespread
2/8/2008
A survey released by Compuware Corporation and the Ponemon Institute shows "an overwhelming majority of organizations surveyed risk compromising critical information by using actual customer data for the development and testing of applications."
The report, The Insecurity of Test Data: The Unseen Crisis, said that 62 percent of companies surveyed use actual customer data instead of disguised data when testing applications. Of those companies, 89 percent use customer files and 74 percent use customer lists. The report notes that live data often includes "employee records, vendor records, customer account numbers, credit card numbers, Social Security numbers, and other credit, debit, or payment information."
Developers may believe that test data is immune from privacy threats because they are testing in a non-production environment, but the survey pointed out that such environments are usually less secure than their production counterparts. It also noted that testing data may be exposed to such unauthorized sources as in house testing staff, consultants, partners, and offshore personnel. More than half (52 percent) of respondents said they outsource their application testing, and 49 percent of those respondents shared live data with the outsourced company.
"For many organizations, large customer data files represent an easy, cheap source of data to use when testing applications, but this process introduces a huge element of risk to the challenge of maintaining the integrity of sensitive information, particularly when third parties and offshore resources are involved," said Larry Ponemon, chairman and founder of the Ponemon Institute. "This study points to a need for greater awareness and accountability over how sensitive data is used within organizations. Common practices as they relate to all uses of live data must be evaluated to assess risk, and safeguards implemented to ensure data security."
The survey reported that half of the organizations using actual customer data in testing don't protect that information. Some 897 IT professionals participated in the survey; they averaged 10 years of experience.
Among the other findings:
-
Half (50 percent) of respondents have no way to know if the test data had been compromised;
-
More than four in 10 respondents (41 percent) do not protect live data they use when developing software;
-
More than a third (38 percent) were unsure if the live test or development data used in their organization had had been lost or stolen; and
-
More than one-fourth of respondents (26 percent) didn't know who was responsible for protecting test data--26 percent thought it was the development team, 21 percent thought the testing organization was responsible.
"Few people realize how much is at risk during the development and testing of applications," said John Williams, senior vice president, product solutions, Compuware. "All ... organizations ... have an obligation to protect the privacy of consumer data. To eliminate the test data security risk, an increasing number of our clients are using our Test Data Privacy solution that provides them with an automated, repeatable process for creating safe and effective test data."
James E. Powell is the editorial director of Enterprise Strategies.
Cite this Site
copy text (above) for proper citation
Recommended Reading
- Sun, Stanford Working To Archive History
In May in San Francisco, experts from leading universities, libraries, and research institutions around the world met as part of an ongoing effort to address a pressing issue: archiving the world's history, right up to today.
- The Quilt Coalition Rolls Out XO Communications for High-Capacity Network Services
The Quilt, a coalition of 28 regional network organizations, has added XO Communications Services to its authorized vendor list. The Quilt represents 200 universities and thousands of other educational institutions across the United States. With this new relationship, Quilt members can purchase XO's high-speed IP transit and network transport services at competitive rates.
- Wimba Classroom 5.2 Expands Classroom Capture Support, Adds MP3 Downloads
At the NECC 2008 conference in Texas this week, Wimba launched a new version of Wimba Classroom, the virtual classroom component of the company's Collaboration Suite. The new 5.2 release expands options for classroom capture and adds a variety of other functional and ease of use features.
- Automation Chimera: Education Is Not Management
The lure of automating workflow online so human intervention is minimized is continually reinforced in the minds of higher education administrators by examples of automated campus systems such as financials, student information systems, and other enterprise systems. But what's good for management is not always good for learning.
- Cognos Releases BI Software for Linux-based IBM System z Mainframe
Cognos, which IBM acquired in January, has released an update to its business intelligence software that will run on the Linux operating system on IBM System z mainframes. IBM Cognos 8 BI was being developed by the two companies prior to the acquisition, but assimilation of Cognos into IBM accelerated development.
- Facebook and Collegiality: A Serendipitous Social Niche
Facebook is a way to greet a colleague as if she or he is on your own campus: a wave at a distance, a hello at the corner burrito place, a honk as you both leave the campus parking lot. Informal collegiality has been extended over the miles.
