Sensitive data is at its most vulnerable to being stolen or leaked during the testing and development of applications. Thats because of the number of times it changes hands.
New software, File-Aid/Data Solutions 3.3, from Compuware Corp. should reduce the risk of vulnerability considerably, said company officials in Farmington Hills, Mich.
File-Aid/Data Solutions 3.3 is a developer toolbox for organizations looking for automated data privacy software. It handles privacy in the development, testing and research phases and keeps snoopers from getting to the data.
The software also meets legislative privacy requirements, such as those of the federal Health Insurance Portability and Accountability Act of 1996.
Enterprises are also looking to protect sensitive data because of concerns over liability. Testing and research can expose sensitive production data—such as medical record numbers, diagnoses, Social Security numbers and home addresses of customers—to many employees, including IT and non-IT testers, said Rosemary Long, Compuwares product manager for File-Aid/Data Solutions.
New in version 3.3 is the Data Disguise feature, which protects production data in test environments. The new feature includes field- and record- level key encryption, field masking, hashing, and translation performance improvements, Long said.
During these development, testing and research phases, data typically goes through several hands and can be compromised. File-Aid/Data Solutions 3.3 addresses this risk by delivering a proprietary encryption scheme, a translation scheme for replacing names and values with alternative names and values, and an aging mechanism for hiding or changing date information in data.
John Stevens, manager of test environments and testing support at Blue Cross and Blue Shield of Minnesota, in Minneapolis, said he uses the Compuware technology to help meet strict data privacy requirements.
"Minnesota has tougher privacy rules than HIPAA," said Stevens.
Stevens said he began using a predecessor of the new product to prepare for the year 2000 conversion, which helped with changing fields and cleaning up data to comply with federal requirements. Compuware built on that functionality and has added the proprietary encryption, translation and aging schemes to disguise the data an organization uses in its testing environments.
Stevens said the product also helps his team create test scenarios from his organizations massive stores of production data—production files fall in the "600GB range." Yet, with Compuwares product, he is able to pull out portions as small as 12 percent of the size of production for accurate testing.
"They call it disguising," Stevens said. "Thats a good way to put it because you cant just throw garbage into those [testing] buckets. You need a last name where a last name was, etc. ... We can move the data in, disguise it as needed and pull it out."
"Test systems tend to leak production data because people dont pay attention to them," said Pete Lindstrom, an analyst at Hurwitz Group Inc., in Framingham, Mass. "This solution provides productionlike data without leaking private information into ignored or lesser-protected systems."
File-Aid/Data Solutions 3.3 is available now, with pricing starting at $15,000.