Throwback Thursday – Data Governance in Software Testing – Writing Up
Data and information governance is extremely important today, perhaps even more so than it was in 2008, when Freeform Dynamics ran a study looking at what was being done to improve capabilities in the areas of compliance, discovery and, most importantly, data security.
The study focused on the use of data in the software life cycle, that is, in the development and implementation of new applications and upgrades. This area was just as important then as it is now, but it’s also easy to forget that in many geographies there can be limitations on the use of data for testing if it includes sensitive customer information. Some of what the study found was both eye-opening and disturbing, so what has really changed in the years since?
The survey found that the vast majority of participating organizations had at least some policies in place defining how live data could be used in testing. A follow-up question showed that 71% of participants used live data in their testing processes. Of those using live data, just over half said they only use sanitized data, meaning data that had been anonymized. About 40% of those who use live data in testing said they did so in both clean and raw form, and 3% admitted they only used raw, unredacted, live data.
We must recognize that the use of live data may be perfectly acceptable if it does not contain anything controlled by law, regulation or organizational policy. However, given the nature of most data held in companies, it is unlikely that all test data was completely unrestricted in this way.
“Are we using live data in testing? No idea!”
Some of the questions that followed shed a worrying light on how the data used in the tests was vetted. For example, almost all IT professionals and security managers knew whether live data was used in testing. But about two in five managers who deal with business risk or compliance were unable to answer questions about the use of live data in testing processes. Almost as many commercial or financial directors were similarly in the dark.
I wonder how many of them worked on the assumption that it was an SEP (someone else’s problem), or if they simply hadn’t thought about how their systems had been tested. But taken together, these results showed that there was plenty of scope for things to go wrong and laws to have been broken.
Surprisingly, the survey found that nearly two-thirds saw a need to significantly improve communications between business and IT. On the technology side, a similar proportion of respondents thought general test data management tools or tools to help sanitize data would help make a difference.
One thing is clear: tools of this type perform much better today than they did back then. But are they used more widely now? In 2021, data governance is an issue that can easily impact the boardroom, and the misuse of sensitive customer data can lead to painful fines, not to mention very bad publicity. Has your organization improved its test data management?