I recently visited a client running multiple SAP applications with three non-production copies per environment - a separate copy for Test, Development, and Training. When asked what data they were using for the non-production copies, they stated they preferred to use data from production because they were guaranteed to have the latest, up to date information which should eliminate any testing issues associated with the data itself.
When probed who was executing the tests, their answers included outsourced organizations, summer college interns, and internal resources. The applications that they were testing supported the Finance and Human Resources departments to name a few. I continued the interview by asking if they mask or obfuscate private or sensitive data. They responded that they had tried to use data masking scripts, but the result made the data values unreadable and actually broke the application because what they used did not take into consideration the data or relational integrity. So they simply tell the testers and trainees to ignore the actual data values.
Does this conversation alarm you as much as it did me? I was in a high tech bubble, surrounded by bright SAP Basis administrators and database administrators and yet none of them were concerned with the potential risk they exposed their organization to. When working with clients, it is a delicate balance to lead them to the light versus coming right out and saying – are you that naive?
Hence I begin the data masking conversation. Data Masking is critical in this litigious day and age. Far too many examples are out there of what can happen when you don’t protect your company’s assets or protect your company from a potential exposure. Industry experts and practitioners alike all agree that the number one source of data theft is from people within the organization. There are plenty of solutions in the market that can address data masking needs in non-production database environments so there are no excuses for not deploying one. Informatica Data Masking solutions deliver prepackaged support for all the major applications including SAP to ensure when data is protected or obscured, the application will continue to function.
Don’t become another statistic – take data masking seriously and begin the conversation today.
Julie Lockner, Founder, www.CentricInfo.com