Data masking key to application testing: CA Technologies
By Goh Thean Eu November 8, 2016
- Many companies still use copies of live production data in a testing environment
- Growing demand for test data management solutions in Asia Pacific, including Malaysia and Singapore
DESPITE the growing importance and usage of various business applications, many enterprises are not testing their applications in the most effective way, and in some cases, put themselves at security risks, said a senior official of CA Technologies.
According to CA Technologies vice president Huw Price, companies may not be paying enough attention to what happens to sensitive data during the process of application testing.
"They are not (paying enough attention) but it is hard and complex. It is much more of a difficult task to remove sensitive data because one piece of information gives you everything about that person. So one has to be careful about that," he said.
He added that many companies still use copies of live production data in testing environments without any control over how the data is handled.
"This means that application testing can be, and in fact often is, a gaping hole in an organisation's data protection efforts," said Price.
He said that the key to application testing is to drive quality into software delivery and there is a need to look at many elements at the same time.
"Companies need to do things in parallel. So the thinking, designing, coding and testing happens congruently and all assets are created at the same time. One needs to be more rigorous when it comes to writing test data requirements," said Price in an email interview with Digital News Asia recently.
Here comes data masking
Price (pic right) believes that data masking, where sensitive information is obscured by realistic but not authentic data, is an effective way to protect data in the application testing process.
"One of the most common approaches to protecting test data is data masking, where sensitive information is obscured by realistic but not authentic data. Obscuring data can be done in a number of ways – it may involve encryption, word substitution or character shuffling.
"While effective for minimising the consequences of a data breach, this method will usually retain some information from the original data (such as temporal or causal relationships) and does not overcome human error. Companies that handle large amounts of very sensitive data may want to seek alternative approaches," he said.
Cloning, which is part of the data masking strategy, is also becoming a popular method for companies.
"Cloning is a really cool and different way of thinking. Cloning means one has found some interesting data, and it could be say production, Dev 1 or Dev 2 and one wants more of it. They clone it and keep the core characteristics of the data together and probably create fifty more account histories from one.
"Cloning is sometimes a much easier way to think about synthetic. When the data is cloned, it is masked heavily or synthetically creates names. This is becoming a more popular method.
"It’s more of an ad-hoc subset of masking and it can give the data that is needed. It is synthesized 80% but the core data still exists. This is a different approach which a lot of companies are doing instead of synthetically creating data," explained Price.
Data masking for all?
While data masking may seem like a good solution, its adoption rate is rather patchy and some industries appear to be slower when it comes to adopting data masking.
"The adoption has been very patchy. The retail sector is very poor when it comes to the adoption of data masking. In the heathcare industry, it is very difficult to mask data because it is a difficult and complex area to mask as it has the most regulations.
"However, government institutions have mostly been a bit more systematic and have more processes," he said.
Nevertheless, Price said that the company is seeing growing demand for test data management solutions across the Asia Pacific, including in Singapore and Malaysia, as companies are challenged to deliver software applications faster without sacrificing quality, and at a lower cost.
"In Singapore and Malaysia, we have seen strong interest from the financial and banking, and telecommunications industries," he said.
Mesiniaga sees its future in software testing
What lessons can enterprises learn from augmented reality games?
For more technology news and the latest updates, follow us on Twitter, LinkedIn or Like us on Facebook.