New applications must be comprehensively tested and evaluated prior to their deployment in production environments. However, this process can have the potentially disastrous side effect of putting the information contained in such applications at risk of compromise.
So says Salome Kwant, mainframe product manager at Compuware Corporation SA, who notes that sensitive data is most vulnerable to being stolen or leaked during the testing and development of applications because of the number of times it changes hands.
This raises the issue of providing protection for sensitive data while still effectively testing applications.
"The answer is to use testing tools that will automatically de-identify or desensitise production data, effectively rendering the information contained in the data invalid," she says.
Compuware has introduced Data Disguise technology into its File-AID Data Solutions product in order to provide data privacy without compromising testing reliability.
Data Disguise securely changes test data in three ways:
a. Scrambling - numeric characters are scrambled consistently to produce valid data. For example an individual`s ID number could be changed from 660109 0035 187 to 901101 2194 230
b. Translation - randomly replacing words with fictitious substitutes, such as replacing `Smith` with `Brown`.
c. Ageing - replacing dates, but maintaining birth year or month integrity. For example, this could be relevant in healthcare or insurance industries where birth year is highly important for research and statistical information.
"The result is that developers can test their applications with data that falls within valid fields, but is meaningless, versus the gibberish that occurs when industry-level encryption is used," explains Kwant.
Compuware is currently the only vendor that provides a testing environment that provides for the protection of data across multiple platforms.
Pete Lindstrom, Director of the US-based research house, Hurwitz Group, notes: "Compuware`s solution resolves a known weakness in many privacy campaigns, that of production data being used in a test environment, while addressing the developer`s need for legitimate test data.
"Compuware`s File AID/Data Solutions protect privacy and maintain integrity through the translation and ageing of sensitive data fields. And as part of an overall file and data management solution, File AID/Data Solutions provide companies with a framework for managing data extraction from the production into test environments and back."
According to Kwant, simply creating dummy data often isn`t an option. Applications designed to read names wouldn`t work with scrambled letters, while software written to recognise five-digit subscriber numbers must be tested with five-digit numbers.
"With Data Disguise, applications can be tested comprehensively without ever risking improper disclosure of sensitive customer information," Kwant concludes.
Share
Compuware Corporation, a multibillion-dollar company, provides business value through software that optimises productivity and reduces costs across the application lifecycle. Meeting the rapidly changing needs of businesses of all sizes, Compuware`s market-leading solutions improve the quality, ease the integration and enhance the performance of distributed, e-business and enterprise software. Compuware employs more than 12 000 information technology professionals worldwide. For more information about Compuware, please contact the South African subsidiary on +27 (0)11 516-2900 or visit Compuware SA on the World Wide Web at http://www.compuware.co.za.
Editorial contacts