Data Scrambling leaves CIOs without egg on their face

Original Software addresses data security issues in TestBench for Oracle v6.3

5th August 2008 – Original Software, the testing solution vendor, today announced the release of the latest version of TestBench for Oracle which includes an intelligent data scrambling module, protecting companies from data exposure and satisfying audit and compliance requirements, as well as safeguarding the individuals or companies referenced in the data.

Common sense and good practice say that exposing traceable production data to test disciplines is risky. Despite legal requirements and in some cases severe penalties for breaking them, testing on live data still tends to be common practice. One survey showed 62 percent of companies were using live customer data to test applications and 49 percent shared this data with outsourced testers, with no way of knowing if it was ever compromised*.

Production data as a source of background data is valuable and desirable for testing and allows the test environment to represent the live system as closely as possible. A recent report from analyst group Freeform Dynamics - ‘Data Governance in the Software Lifecycle’ – highlights the need for improvements in automation in areas such as test data management, and live data sanitation in the testing process.

Using the new data scrambling module within TestBench for Oracle, real data can be used that accurately reflects the live environment, but has been made anonymous, neutralising the risk of testing on live data by no longer exposing real customer details and high security risk items to the live testing process.

TestBench can transform this data in two ways:

• By using existing data – Real records are used but the data fields are randomly scrambled between rows, de-identifying customer records for example. Developers may choose to keep some related fields together – for example lines 1, 2, and 3 of the address, for address validation purposes – and just mix up the other details.
• By generating new data – recommended for when data is so sensitive (for example, credit card numbers and bank details) that just mixing the field with a different customer name is not sufficient. Developers have three options – to randomly generate, to generate numbers with a sequential start value, or they have the option to write their own program to generate data and plug it straight in. To maintain database integrity, the module will intelligently change these details everywhere they appear – for example in order files, within the customer records database and in all invoices.

Colin Armitage, CEO of Original Software said: “The scrambling module completes our Oracle data management capabilities. Customers can already extract data from live systems to a test environment and the testing functionality enables them to view the effects of the application under test on the database. They can then build rules to validate database effects for all future tests. Our data protection module allows users to roll back the changes and reset the environment if it becomes corrupted by any testing activity, and now we can also ensure that the data being used, is not only risk-free but is still representative of the live environment.”

All of the TestBench for Oracle functionality including data scrambling is available on 9i, 10g and 11i versions.

* The Insecurity of Test Data: The Unseen Crisis, - a Compuware / Ponemon Institute study

Back to Top^