London software testing news UK

Is the Testing Phase a security weakness?

Posted in Software testing by testing in London on November 27, 2007

From Internet News 

Despite so much concern over data security these days, there’s one point of weakness that might not have occurred to many IT managers: their testing process.

Many modern ERP and CRM applications have to be tested with live data, since “dummy” or made-up data typically isn’t enough, and that potentially means databases are open to anyone in the testing process.

Adding to this problem is the fact that many development, quality assurance (QA) and testing departments have been outsourced to India and other overseas locations. This puts companies in the bind of either using live data to test or spending the time to make dummy data.

Gamma Enterprise Technologies, a provider of application data management software for firms running SAP software, today released the results of a survey of SAP users that found protecting this data is a big concern for customers. Perhaps not surprisingly, Gamma also believes it has the solution.

The survey shows that nearly 70 percent of the 175 respondents across 23 countries are concerned about the exposure of sensitive data in non-production environments like testing. Despite these concerns, most survey participants have no plans for improving their security practices.

It might seem obvious not to use production data in a testing environment, but generating enough records to properly test SAP software applications is just not that easy. SAP customers have databases of five to 10 terabytes or more, and to properly test an application would require many gigabytes of data to fill the data fields in the application, Swanson said.

To address this, Gamma offers InfoShuttle Data Security, which enables organizations to use, customize and create sophisticated rules for masking sensitive information that has been moved into development, testing, training and sandbox environments.

The product provides 24 different rules to scramble data moving across the enterprise while protecting its integrity for use in testing. This involves steps like scrambling names, addresses, social security numbers and other fields while maintaining that data in the live database.
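As an added illustration (not from the article and not Gamma's product code), one common way to scramble fields while keeping the data usable for testing is deterministic keyed masking: the same input always maps to the same masked value, so joins between tables still line up. The key, column names, name pool and sample rows below are constructed assumptions.

```python
import hashlib
import hmac

# Assumption: a masking key held only by whoever produces the test copy.
# It must never ship to the test environment, or the mapping can be rebuilt.
MASKING_KEY = b"constructed-demo-key-not-for-real-use"

# Constructed pool of replacement surnames.
SURNAMES = ["Archer", "Bennett", "Clarke", "Dawson", "Ellis", "Foster", "Grant", "Hayes"]


def _digest(field: str, value: str) -> bytes:
    """Keyed digest; the field name keeps SSN and name mappings separate."""
    return hmac.new(MASKING_KEY, f"{field}:{value}".encode(), hashlib.sha256).digest()


def mask_ssn(ssn: str) -> str:
    """Replace each digit deterministically, keeping the NNN-NN-NNNN layout."""
    stream = _digest("ssn", ssn)
    out, i = [], 0
    for ch in ssn:
        if ch.isdigit():
            out.append(str(stream[i % len(stream)] % 10))
            i += 1
        else:
            out.append(ch)  # keep separators so format validation still passes
    return "".join(out)


def mask_name(name: str) -> str:
    """Map a surname to a pool entry; case-insensitive so 'SMITH' == 'Smith'."""
    return SURNAMES[_digest("name", name.lower())[0] % len(SURNAMES)]


RULES = {"ssn": mask_ssn, "surname": mask_name}


def mask_rows(rows, rules=RULES):
    """Apply per-column rules; columns without a rule pass through unchanged."""
    return [{k: rules.get(k, lambda v: v)(v) for k, v in row.items()} for row in rows]


# Constructed sample tables that share the SSN as a join key.
CUSTOMERS = [{"ssn": "123-45-6789", "surname": "Smith", "region": "EMEA"}]
ORDERS = [{"ssn": "123-45-6789", "amount": 120}, {"ssn": "987-65-4321", "amount": 75}]
```

Because the digest is keyed, someone holding only the masked copy cannot rebuild the mapping by hashing every possible SSN; that protection depends entirely on the key staying out of the non-production environment.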
