How to Ensure Data Security for Non-Production Computer Systems

 
 
By Suzanne Swanson  |  Posted 2008-06-24 Email Print this article Print
 
 
 
 
 
 
 

For a company to ensure its software upgrades-especially business-critical applications-work as needed, testing on real data is required. According to Suzanne Swanson from Applimation, this data needs just as much protection as it does when it's being used in production.

While the industry deals with the most egregious aspects of data theft, many computer systems still remain vulnerable to attack at some level. An important tier of computer data remains practically untouched and unprotected by today's new data security procedures: non-production systems used for in-house development, testing and training purposes.

These systems are generally "open," and leave a large hole in the security practices at companies of all sizes. Non-production environments leverage "real data" to test applications, housing some of the most classified information in an organization, including employee records, customer records, and financial transaction documents. Yet, non-production environments are generally exposed with little or no logging and monitoring, and these systems are often made available for remote access, and as a result, they are difficult to secure.

In order to prevent security breaches that often lead to unwanted media attention and costly legal liability, there are a few steps you can take to protect sensitive data. First, understand the threat in non-production environments. Second, use a data masking or "obfuscation" tool in conjunction with access control. Third, follow through with the investment of the appropriate security measures in the front end.

Understand the Threat
Insider threats lead the way, accounting for approximately 60 percent of all data breaches. The black market for sensitive personal information provides a powerful lure to some individuals, as stolen data has become a highly lucrative business. For example, credit card information brings $1.50 per record and medical identity card information is worth even more, at $5 to $50 per record.

Most organizations prefer to test their applications with "real data" in both their development and test environments, as this provides the best scenario to ensure applications work properly. However, typical control (people, process and technology) practices and security measures taken in development and test environments are generally a fraction of what is practiced for production databases. As a result, many companies inadvertently jeopardize highly sensitive information at the application development level.

"In today's software development world, many organizations have diversified their development resource. They either have development sites off shore (owned or contracted), contract coding to companies within their respective countries, hire contractors to work within their development facilities, and/or employ people to develop their software," said Louis Carpenito, an independent senior security executive with a lengthy record of data security experience with such organizations as Symantec, Fidelity Investments and Johnson & Johnson.

"Since non-production environments are generally "open" with little or no logging and monitoring and are often accessed remotely, they pose an easy target for data thieves, and quite simply invite both inside and external threats to harvest sensitive personal information with relative ease and without detection," Carpenito said.



 
 
 
 
Suzanne Swanson leads Applimation's business development, product management and marketing teams. Ms. Swanson has over 17 years of experience in planning and executing strategic business opportunities for leading enterprise software companies. Prior to joining Gamma, she was Senior Vice President of Business Development at Patchlink. Before that, she was the Senior Director of global OEM sales at Symantec. Ms. Swanson has also held executive positions in business development and sales at SecurityFocus and Computer Associates. Ms. Swanson majored in Business Administration at the University of Kansas.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel