
Use of sensitive consumer data in application testing widespread
ConvergenceAsia staff
13/12/2007

A survey released by Compuware and the Ponemon Institute showed an overwhelming majority of organisations surveyed risk compromising critical information by using actual customer data for the development and testing of applications.

The Test Data Insecurity: The Unseen Crisis report found that 62 per cent of companies surveyed use actual customer data instead of disguised data to test applications during the development process. Of those companies using actual customer data, 89 per cent use customer files and 74 per cent use customer lists.

Examples of the live data often used include employee records, vendor records, customer account numbers, credit card numbers, Social Security numbers and other credit, debit or payment information.

According to the report, testing data may be exposed to a variety of unauthorised sources including in-house testing staff, consultants, partners and offshore personnel. In fact, the study showed that 52 per cent of respondents outsourced their application testing, and 49 per cent of those respondents shared live data with the outsourced organisation.

“For many organisations, large customer data files represent an easy, cheap source of data to use when testing applications, but this process introduces a huge element of risk to the challenge of maintaining the integrity of sensitive information, particularly when third parties and offshore resources are involved,” said Dr. Larry Ponemon, Chairman and Founder, Ponemon Institute.

“This study points to a need for greater awareness and accountability over how sensitive data is used within organisations. Common practices as they relate to all uses of live data must be evaluated to assess risk, and safeguards implemented to ensure data security.”

The report also found that half of the companies using actual customer data for testing purposes do not take steps to protect that information. Other significant findings included:

- 50 per cent of respondents have no way of knowing if the data used in testing had been compromised.
- 41 per cent of respondents reported they do not protect live data used in software development.
- 38 per cent of respondents were unsure if live data their organisation used for testing or development had been lost or stolen.
- 26 per cent of respondents said they did not know who was responsible for securing test data, 26 per cent believed the development organisation was responsible and 21 per cent said the testing organisation was responsible, suggesting no clear ownership for sensitive test data.

The study, conducted between July 2007 and August 2007, used a proprietary web-based survey platform, with the results derived from the responses of 897 IT professionals with an average of ten years' experience. The survey was commissioned by Compuware and fielded by the Ponemon Institute.

Compuware maximises the value IT brings to the business by helping CIOs more effectively manage the business of IT. Dedicated to advancing responsible information and privacy management practices in business and government, the Ponemon Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organisations in a variety of industries.

 


Copyright © 2007 ConvergenceAsia.com. All rights reserved.